Method and system for anonymous reporting

ABSTRACT

A system and method for anonymous reporting. Specifically, the method includes collecting user information about a user and generating a user profile based on the user information. The user profile is stored such that the user profile is used to achieve delivery of data that is targeted to the user based on the user profile without requiring a release of user information in the user profile. A signed authorization number is generated. The signed authorization number is signed by the third party but unknown to the third party. The signed authorization number is attached to a report detailing activities of the user. The report along with the signed authorization number is sent to the third party to preserve reporting privacy of the user. The third party is able to authenticate the report using the signed authorization number.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is related to co-pending patent application Ser. No.11/123,935, entitled “METHOD AND SYSTEM FOR TARGETED DATA DELIVERY,”filed May 5, 2005, and assigned to the assignee of the presentinvention, the disclosure of which is hereby incorporated herein byreference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

Embodiments of the present invention relate to the field of datadelivery. More particularly, embodiments of the present invention relategenerally to targeted data delivery to users who satisfy selectioncriteria.

2. Related Art

The delivery of data over a communication network, such as the internet,to users can be an inexpensive and powerful tool for marketing goods andservices. As one example, data can be delivered to a display of a userthrough various means while the user is connected to the communicationnetwork. For example, data such as an advertisement over the internet toa user coupled to the internet can be delivered through the forms ofbanner ads, pop-up ads, e-mails, etc. Typically, delivery of suchadvertisement is without the consent of the user. That is, theadvertisement is unsolicited by the user.

The initial cost for the delivery of the advertisement through thecommunication network is much less than that of conventional forms ofadvertising communicating through more traditional media, such asmailers, magazines, television, radio, etc. As a result, the advertisercan easily deliver many more advertisements to users over thecommunication network. Also, since, typically, few if any restrictionsare placed on the delivery of advertisements, the advertisers takeadvantage of the cheaper form of advertising by deliveringadvertisements to wider segment of the population.

However, the inexpensive delivery of advertising can be problematic tousers. That is, users may be deluged with unwanted and unsolicitedadvertising. For example, advertising can be delivered through e-mails.Because the cost of sending e-mail is relatively small, unsolicited junke-mail or “spam” can be delivered to numerous e-mail addresses. As such,a user may be bombarded with multiple different spam e-mailadvertisements.

These unsolicited spam e-mail advertisements can adversely affect theuser by wasting the user's time, resources, and opportunities.Specifically, the unsolicited spam e-mail advertisement may overwhelm auser since the user must waste valuable time in addressing and deletingunwanted spam e-mail advertisement. In addition, unsolicited spam e-mailadvertising may overload a user's e-mail account. That is, the in-boxfor the user can be quickly filled with unsolicited spam e-mails. Thisdenies the user full use of their e-mail account, since legitimate orwanted e-mails are not delivered to the spam-filled e-mail account. Assuch, resources are wasted on unsolicited spam e-mails, andopportunities may be lost since the user cannot access legitimate orwanted e-mails.

In addition, while the inexpensive delivery of advertising over thecommunication network is an advantage to the advertiser, the variousforms for delivering advertisements in the conventional art areinefficient. For example, banner advertising, which is more expensive toimplement than spam e-mails can be delivered to inappropriate recipientsdue to incomplete information about the users. That is, the targeting ofusers is insufficient due to a lack of information about the users. As aresult, advertising funds are wasted on delivery of the advertisement touninterested or inappropriate users. For example, a business may offerservices that are valuable only to owners of an automobile. Usingconventional spam delivery techniques, the advertisement may bedelivered to numerous users who do not own an automobile and areuninterested in automobile-related services. As such, the business iswasting its advertising by delivering advertisements to users who arenot likely to be interested in the services offered by the sources. Inshort, traditional data delivery methods may lack efficiency bydelivering data to inappropriate users.

Further, conventional delivery mechanisms may encroach on the privacy ofthe user. For example, various spyware mechanisms provide targetinginformation to advertisers by spying on the activity of a user on anelectronic device. This spying is typically perceived as an encroachmenton the privacy of the user. In another example centralized storehousesdatamine user information from a cross-section of websites and off-linesources. This may be perceived as an encroachment on the privacy of theuser.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow diagram illustrating a computer implemented method fortargeted data delivery, in accordance with one embodiment of the presentinvention.

FIG. 2A is a flow diagram illustrating a computer implemented method fortargeted data delivery to determine if a user profile satisfies theselection criteria, in accordance with one embodiment of the presentinvention.

FIG. 2B is a flow diagram illustrating a computer implemented method fortargeted data delivery that determines if a user selected relevancycriteria been satisfied, in accordance with one embodiment of thepresent invention.

FIG. 3 is a block diagram illustrating a system architecture of a databroadcast network that is capable of targeted data delivery, inaccordance with one embodiment of the present invention.

FIG. 4 is a flow diagram illustrating the flow of data in the databroadcast network of FIG. 3, in accordance with one embodiment of thepresent invention.

FIG. 5 is a block diagram of a network that is capable of targeted datadelivery between a plurality of data sources and a network of usersthrough a data distributor, in accordance with one embodiment of thepresent invention.

FIG. 6 is a block diagram of a system that is capable of targeted datadelivery between a data source and a client, in accordance with oneembodiment of the present invention.

FIG. 7 is a flow diagram illustrating operations in a computerimplemented method for targeted data delivery taken from the standpointof a user layer, in accordance with one embodiment of the presentinvention.

FIG. 8 is a block diagram of a system that is capable of targeted datadelivery from the standpoint of a user layer, in accordance with oneembodiment of the present invention.

FIG. 9 is a flow diagram illustrating operations in a computerimplemented method for determining if an offer for the delivery of datahas been accepted, in accordance with one embodiment of the presentinvention.

FIG. 10 is a diagram of a display illustrating an interface for anapplication capable of targeted data delivery, in accordance with oneembodiment of the present invention.

FIG. 11 is a diagram of a display illustrating an icon for a minimizedapplication capable of targeted data delivery, in accordance with oneembodiment of the present invention.

FIG. 12 is a block diagram of a system that is capable of targeted datadelivery between a plurality of advertisers and a network of consumersthrough a data distributor, in accordance with one embodiment of thepresent invention.

FIG. 13A is a flow diagram illustrating operations in a computerimplemented method for targeted data delivery in which a query isgenerated, in accordance with one embodiment of the present invention.

FIG. 13B is a flow diagram illustrating operations in a computerimplemented method for targeted data delivery in which a query isaccessed, in accordance with one embodiment of the present invention.

FIG. 14 is diagram illustrating a system capable of implementing themethod of FIG. 13A, in accordance with one embodiment of the presentinvention.

FIG. 15 is a flow diagram illustrating operations in a computerimplemented method for targeted delivery of data in which an incentiveis distributed, in accordance with one embodiment of the presentinvention.

FIG. 16 is a data flow diagram illustrating the flow of information inthe method of FIG. 15, in accordance with one embodiment of the presentinvention.

FIG. 17 is a flow diagram illustrating operations in a computerimplemented method for targeted data delivery in which data and a queryare generated for targeted data delivery, in accordance with oneembodiment of the present invention.

FIG. 18 is diagram illustrating a system capable of implementing themethod of FIG. 17, in accordance with one embodiment of the presentinvention.

FIGS. 19A-F are diagrams illustrating exemplary user interfaces used togenerate an offer for the targeted delivery of data, in accordance withone embodiment.

FIG. 20 is a flow diagram illustrating operations in a business methodfor revenue generation by enabling targeted data delivery, in accordancewith one embodiment of the present invention.

FIG. 21 is a flow diagram 2100 illustrating operations in a businessmethod for generating increased user interest in a particular item ofdata by enabling delivery of the data to selected targets, in accordancewith one embodiment of the present invention.

FIG. 22 is a flow diagram 2200 illustrating operations in a businessmethod for efficiently spending an advertising budget by enablingdelivery of the promotion data (e.g., advertisements) to selectedtargets, in accordance with one embodiment of the present invention.

FIG. 23 illustrates a flow chart illustrating a computer implementedmethod for anonymous reporting, in accordance with one embodiment of thepresent invention.

FIG. 24 is a flow diagram illustrating the flow of information exhibitedbetween a client and a third party to achieve the anonymous reporting ofuser activity related to data targeted to the user, in accordance withone embodiment of the present invention.

FIG. 25 is a flow chart illustrating a computer implemented method forthe generation of the signed authorization number from the standpoint ofa client, in accordance with one embodiment of the present invention.

FIG. 26 is a flow chart illustrating a computer implemented method forgenerating a signed authorization number from the standpoint of athird-party and the subsequent authentication of data received inconjunction with the signed authorization number, in one embodiment.

FIG. 27 is a flow chart 2700 illustrating a computer implemented fortransferring cash or credits anonymously, in accordance with oneembodiment of the present invention.

FIG. 28 is a flow chart illustrating a computer implemented method for acommitment scheme with payments that are delivered anonymously, inaccordance with one embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Reference will now be made in detail to the preferred embodiments of thepresent invention, a method and system of targeted data delivery,examples of which are illustrated in the accompanying drawings.

Accordingly, various embodiments of the present invention disclose amethod and system for targeted data delivery. Embodiments of the presentinvention provide for protection of user privacy. In addition, otherembodiments of the present invention provide the above accomplishmentsand provide for more efficient data delivery by targeting advertising tointended recipients. Also, other embodiments of the present inventionprovide the above accomplishments and also discourage spam through afiltering mechanism through the preprocessing of messages to determineif they meet a relevancy criteria set by the user.

Notation and Nomenclature

Embodiments of the present invention can be implemented on softwarerunning on a computer system. The computer system can be a personalcomputer, notebook computer, server computer, mainframe, networkedcomputer, handheld computer, personal digital assistant, workstation,and the like. This software program is operable for providing targeteddata delivery. In one embodiment, the computer system includes aprocessor coupled to a bus and memory storage coupled to the bus. Thememory storage can be volatile or non-volatile and can include removablestorage media. The computer can also include a display, provision fordata input and output, etc.

Some portions of the detailed descriptions which follow are presented interms of procedures, steps, logic blocks, processing, and other symbolicrepresentations of operations on data bits that can be performed oncomputer memory. These descriptions and representations are the meansused by those skilled in the data processing arts to most effectivelyconvey the substance of their work to others skilled in the art. Aprocedure, computer executed step, logic block, process, etc., is here,and generally, conceived to be a self-consistent sequence of operationsor instructions leading to a desired result. The operations are thoserequiring physical manipulations of physical quantities. Usually, thoughnot necessarily, these quantities take the form of electrical ormagnetic signals capable of being stored, transferred, combined,compared, and otherwise manipulated in a computer system. It has provenconvenient at times, principally for reasons of common usage, to referto these signals as bits, values, elements, symbols, characters, terms,numbers, or the like.

It should be borne in mind, however, that all of these and similar termsare to be associated with the appropriate physical quantities and aremerely convenient labels applied to these quantities. Unlessspecifically stated otherwise as apparent from the followingdiscussions, it is appreciated that throughout the present invention,discussions utilizing terms such as “collecting,” “generating,”“storing,” “performing,” and “monitoring,” or the like, refer to theactions and processes of a computer system, or similar electroniccomputing device, including an embedded system, that manipulates andtransforms data represented as physical (electronic) quantities withinthe computer system's registers and memories into other data similarlyrepresented as physical quantities within the computer system memoriesor registers or other such information storage, transmission or displaydevices.

Overview of Embodiments of the Present Method and System for TargetedData Delivery

Electronic devices such as personal computers (PCs), televisions,personal digital assistants (PDAs), cellular telephones, and the likehave become an essential and commonly-used part of life for millions, ifnot billions, of people throughout the world. These and other similarelectronic devices are used frequently and for a variety of purposes. Aswill be described below in detail, various embodiments of the presentinvention utilize user information which is collected from at least oneelectronic device that is associated with a user. Embodiments of thepresent invention generate a user profile based on the collected userinformation. Embodiments in accordance with the present inventionutilize the user profile to target delivery of data to at least onespecific user. Furthermore, as will be described in detail below,embodiments in accordance with the present invention achieve suchtargeted delivery of data to users without requiring a release of anyuser information in the user profile.

Various specific embodiments in accordance with the present inventionwill be described in detail below in Sections 1 through 6.

Section 1 General Method and System for Targeted Data Delivery

Embodiments of the present invention are discussed within the context oftargeted delivery of data. For purposes of brevity and clarity, thetargeted delivery of advertisements is used for illustrative purposesthroughout the application. However, although advertisements are usedfor purposes of brevity and clarity in certain examples, the targeteddelivery of data is not intended to be limited to the targeted deliveryof advertisements.

Other embodiments of the present invention are discussed within thecontext of electronic devices that are associated with a user. Oneelectronic device, for example is the PC and is used for illustrativepurposes throughout the application. Although the PC is used forpurposes of brevity and clarity in many of the following examples, it isnot intended that the term “electronic devices” be limited to PCs.

In addition, other embodiments of the present invention are discussedwithin the context of targeting delivery of data to users. In oneexample, the user is an individual that is associated with at least oneelectronic device. Although the term “user” is used for purposes ofbrevity and clarity in many of the following examples, it is notintended that the term “user” be limited to individuals. For example, auser is representative of a company having many individuals.

FIG. 1 illustrates a method for targeted data delivery, in accordancewith one embodiment of the present invention. That is, FIG. 1illustrates a process for targeting data delivery to a user. The methodof flow diagram 100 is capable of ensuring the privacy of the userinformation used for targeting the delivery of data to the user.

At 110, the present embodiment collects user information about a userfrom at least one electronic device that is associated with the user. Inone embodiment, the information is automatically collected. The userinformation includes behavioral characteristics exhibited by the user,personal information associated with the user, and machine configurationfor electronic devices associated with the user. In addition, any otherinformation useful for targeting the user is collected. In manyembodiments of the present invention, the collection of user informationis performed locally at a site associated with a user. However, otherembodiments are well suited to the collection of user information atlocations remote from the user. For purposes of organization, specificexamples and detailed descriptions of the collection process will bedescribed in greater detail in section 2 in which targeted data deliveryis described from the standpoint of a user layer.

For example, behavioral characteristics collected for the userinformation include URL histories, usage of devices, usage ofapplications, etc. In particular, user activity on an electronic deviceassociated with the user is monitored. In this way, user information ofa user includes search behavior over the interne which includes logs(which include timing information) of web browsing, logs of e-mails sentand received, the use of various electronic devices (e.g., printers,cameras, etc.), the use of those devices in a location specific manner,the use of those devices in a time specific manner, geographic locationsof an electronic device associated with the user, use of softwareapplications on the electronic devices, hardware configuration, softwareconfiguration, etc. In addition, this user information includes personalinformation, such as address, income, last name, etc. As such, thesebehavioral characteristics and personal information are used to targetusers exhibiting these characteristics. A full discussion of the varioustypes of electronic devices from which user information is collectedwill be described in greater detail in section 2.

At 120, the present embodiment generates a user profile based on theuser information. This user profile is formatted to enable the selectionof particular characteristics that are used to target users exhibitingthose characteristics. For example, the user profile includes attributesthat represent the characteristics (e.g., search behavior, machineconfiguration, personal information, etc.) of the user that arecollected in the background while the electronic devices associated withthe user are operating. In many embodiments of the present invention,the generation of the user profile is performed locally at a siteassociated with a user. However, other embodiments are well suited tothe generation of user profiles at locations remote from the user.Specific details regarding the generation of the user profile arediscussed below in great detail in section 2.

It should be noted that in accordance with embodiments of the presentinvention, even though the software is operating in the background, thesoftware is operating with the authorization of the user for purposes oftargeted data delivery. That is, unlike conventional spyware which isoperating under fraudulently obtained or absent any authorization,embodiments of the present invention operate with the full knowledge andconsent of the user, and often for the pecuniary benefit of the user.

At 130 the present embodiment stores the user profile. In this manner,the user profile is used to achieve delivery of data which is targetedto the user based on the user profile. In addition, this targeting ofthe user for the delivery of data is accomplished without requiring arelease of any of the user information in the user profile. That is, theuser profile is stored and used in a manner that protects the privacy ofthe user 250. In many embodiments of the present invention, the storingof user information is performed locally at a site associated with auser. However, other embodiments are well suited to the collection ofuser information at locations remote from the user. Specific examplesand detailed descriptions of the storing process are described ingreater detail in section 2 below.

For purposes of the present application, the term “without requiring arelease of any of said user information in said user profile,” or anysubstantially similar term or phrase, is intended to refer to therestriction that the user information is not released outside of thesystem that is implementing the delivery of data. More specifically, forpurposes of the present application the term “without requiring arelease of any of said user information in said user profile,” or anysubstantially similar term or phrase, is intended to refer to therestriction that the user information is not required to be releasedbeyond a data distribution layer as denoted by line A-A of FIG. 5.Furthermore, as will be described below with relation to FIG. 5,embodiments of the present invention do not require the release of userinformation beyond particular layers that define the system. In oneembodiment of the present invention, the release of user informationdoes not occur beyond a data distribution layer as denoted by line A-A.In another embodiment of the present invention, the release of userinformation does not occur beyond a device that is located between auser layer and the data distribution layer, as denoted between lines C-Cand D-D. In still another embodiment of the present invention, therelease of user information does not occur beyond a user layer denotedby line D-D.

FIG. 2A is a flow diagram illustrating operations for targeted datadelivery using a query that compares a user profile to selectioncriteria that defines characteristics exhibited by targeted userprofiles. The flow diagram 200 provides further illustration of themethod for targeted data delivery of FIG. 1. The method of FIG. 2A iscapable of protecting user information used for targeting the deliveryof data to the user since release of any of the user information is notrequired.

For purposes of the present Application, it is understood that inembodiments in accordance with the present invention, the query isincluded within an offer for the solicitation of data. In oneembodiment, the offer includes the query. In another embodiment, theoffer includes the query and the location of the data to be offered fordelivery. In still another embodiment, the offer includes the query andthe data. Additionally, in another embodiment, an optional offer ofcompensation for taking delivery of the data is included within theoffer. In still another embodiment, the information (e.g., query, formsof the data, compensation, etc.) included within the offer is jumbled orscrambled together. Also, additional information is optionally included(e.g., expiration period, expiration data, etc.).

The present embodiment continues from 130 of FIG. 1. At 210, the presentembodiment forwards a query soliciting delivery of data to a controllerthat has access to the user profile. The query comprises selectioncriteria for selecting targeted user profiles. The selection criteriaincludes characteristics that are exhibited or that are similar to thatfound in the user profiles generated in FIG. 1. As such, the selectioncriteria includes information such as behavioral characteristicsexhibited by the user, personal information associated with the user,and machine configuration for electronic devices associated with theuser, etc. This selection criteria is used to identify targeted userswhose user profiles satisfy the selection criteria. In otherembodiments, the selection criteria is used to identity targeted userswhose user profiles match the selection criteria. In this manner, thequery is used for selecting user profiles that satisfy the selectioncriteria without requiring a release of any user information in theselected user profiles. Thus, the user profile of a targeted user isprotected. In many embodiments of the present invention, the creation ofthe selection criteria is performed at the data source. However, otherembodiments are well suited to the creation of selection criteria atlocations other than the data source (e.g., the data distributor). Forpurposes of organization, section 4 below describes the selectioncriteria creation process in detail.

In one embodiment, selection criteria defines a target profile. That is,the target profile is representative of a user who is targeted for thedelivery of data. As such, the selection criteria definescharacteristics exhibited by the user profiles that are targeted for thedelivery of data.

In one embodiment, the query is forwarded to a controller that isco-located with an electronic device associated with the user. That is,the query is forwarded to an electronic device that is collecting userinformation for use in targeted data delivery. In another embodiment,the query is forwarded to a controller that is located at a remotedevice that is separate from the electronic devices associated with theuser. That is, in such an embodiment, user information is not collectedon the remote device. In many embodiments of the present invention, theoperations of the controller are performed locally at a site associatedwith the user, although other embodiments are well suited to performingcontroller operations at locations remote from the user. Section 2 belowprovides specific details regarding the operation of the controller.

At 220, the present embodiment determines if the user profile satisfiesthe selection criteria. The selection criteria defines characteristicsexhibited by targeted user profiles. If the user profile satisfies theselection criteria, then the data is presumably targeted to the userassociated with the user profile. That is, the data is generatedspecifically for users who exhibit characteristics in their userprofiles that satisfy the selection criteria.

On the other hand, if the user profile does not satisfy the selectioncriteria, then the data is not targeted to the user. That is, the datais not generated for the user whose user profile does not satisfy theselection criteria.

In many embodiments of the present invention, the operations performedto determine if the user profile satisfies the selection criteria areperformed locally at a site associated with a user. However, otherembodiments are well suited to determining whether the user profilesatisfies the selection criteria at locations remote from the user.Again, for purposes of organization, specific examples and detaileddescriptions of the determination of whether the user profile satisfiesthe selection criteria is described in greater detail in section 2.

At 230, the present embodiment initiates delivery of the data to theuser when the user profile satisfies the selection criteria. Targetingthe user and the delivery of the data is achieved without requiring arelease of the user information in the user profile. That is, userinformation associated with the user that is used to determine whetherthe user profile satisfies the selection criteria is not required to bereleased. Additionally, release of the user information does not occurwithout the knowledge and authorization of the user to protect theuser's privacy. In many embodiments of the present invention, therelease of user information is performed locally at a site associatedwith a user. However, other embodiments are well suited to the releaseof user information at locations remote from the user. Further detailsregarding the release of user information are provided in section 2.

In one embodiment, the data is delivered to an electronic device that isassociated with the user. That is, the data is delivered to anelectronic device from which user information is collected. In otherembodiments, the data is delivered to electronic devices associated withthe user from which no user information is collected. For example, thedata is delivered to a television that just displays what it receives.In other embodiments, other forms of delivery media are supported, suchas mailings, telephone calls, e-mails, etc. A full discussion of thevarious forms of delivering data to a user is provided in section 2.

In one embodiment, after the data is delivered a subset of the userinformation in the user profile is released with authorization by theuser. The subset of information is used to determine if the user profilesatisfies the selection criteria. In many embodiments of the presentinvention, the release of the subset of user information is performedlocally at a site associated with a user. However, other embodiments arewell suited to the collection of user information at locations remotefrom the user. The release of the subset of information is described ingreater detail in section 2 below.

FIG. 2B is a flow diagram 200B illustrating operations performed in amethod for initiating delivery of data that is targeted to a user, inaccordance with one embodiment of the present invention. The flowdiagram provides additional operations to the flow diagram 200A and isimplemented between 220 and 230 of FIG. 2A.

At 240, the present embodiment determines if the user selected relevancycriteria has been satisfied. The relevancy criteria provides a measurefor valuing the user's attention. That is, in one embodiment, therelevancy criteria is a price paid to the user for the user's time inaccepting delivery of the data and viewing the data. If the relevancycriteria has not been satisfied, then the present embodiment ends.However, if the relevancy criteria has been satisfied, then the presentembodiment proceeds to 250. A full discussion of the user selectedrelevancy criteria, as well as operations performed to determine if theuser selected relevancy criteria has been satisfied, is provided belowin section 2.

At 250, the present embodiment presents an offer for the delivery ofdata to the user. This occurs when the user profile satisfies theselection criteria and the offer satisfies the user selected relevancycriteria. Section 2 provides details of the presentation of the offer tothe user.

At 260, the present embodiment determines if the offer for the deliveryof data has been accepted. If the offer has not been accepted, then thepresent embodiment ends. That is, the data is not delivered to the user.On the other hand, if the offer has been accepted, then the presentembodiment proceeds to 230 to initiate the delivery of the data. Assuch, the user is able to determine if the data is worthwhile forviewing even though the user profile satisfies the selection criteriaand the offer satisfies the user selected relevancy criteria.

In this way, the user makes another determination on whether toauthorize the release of user information used to satisfy the selectioncriteria in return for the delivery of the data. In one embodiment,acceptance of the offer authorizes a release of the subset ofinformation used to determine if the user profile satisfies theselection criteria. Section 2 describes the operation for the acceptanceof the offer in greater detail.

In still another embodiment, the data that is delivered to the user iscustomized. That is, the data is customized based on the userinformation. That is, the content of the data (e.g., advertisement) isdynamically adapted based on the user's profile. Not only will the userbe presented with data of interest to him or her, but presentation ofthe data is tailored to the user's experience.

Turning now to FIG. 3, a system is shown illustrating an exemplary databroadcast network 300 that is capable of targeted data delivery betweena data source 310 and a user 350, in accordance with one embodiment ofthe present invention. FIG. 3 provides further illustration to themethods of FIGS. 1 and 2, in one embodiment. The system of FIG. 3 iscapable of protecting user information used for targeting the deliveryof data to the user.

The data broadcast network 300 includes a server 320 and a client 340which are connected through the interne 330, or any other communicationnetwork. The server 320 is operated by a data distributor, while theclient 340 (e.g., a personal computer [PC]) is operated by the user 350.While the present embodiment of FIG. 3 is described within the contextof one server and one client, other embodiments are well suited tosupporting data broadcast networks consisting of a plurality of serversand a plurality of clients supporting one or more sources of data (e.g.,advertisers) and one or more users.

As shown in FIG. 3, the client 340 represents an electronic deviceassociated with the user 350. As described previously, user informationis collected from the client 340. While in the present embodiment onlyone client is shown, other embodiments are well suited to supporting thecollection of user information from multiple clients associated with theuser 350. A detailed description of the various types of clients and thecollection of user information from those clients is provided in section2.

In FIG. 3, a user profile is based on the user information collectedfrom the client 340. This user profile is formatted to enable theselection of particular characteristics that are used to target usersexhibiting those characteristics. For example, in FIG. 3, the userprofile of the user 350 includes attributes 343. The attributes 343represent the characteristics (e.g., behavior, machine configuration,personal information, etc.) of the user 350. The attributes arecollected in the background of the client 340.

It should be noted that in accordance with embodiments of the presentinvention, even though the collection of attributes is operating in thebackground, this collection is operating with the authorization of theuser for purposes of targeted data delivery. That is, unlikeconventional spyware which is operating under fraudulently obtained orabsent any authorization, embodiments of the present invention operatewith the full knowledge and consent of the user, and often for thepecuniary benefit of the user.

In one embodiment, the user 350 controls what types of data arecollected for the user profile, and how long such information is held inthe user profile. Furthermore, the user 350 enters additional attributes343 into an associated user profile to specify further identifiableinterests. In many embodiments of the present invention, the collectionof attributes is performed locally at a site associated with a user,although other embodiments are well suited to the collection ofattributes at locations remote from the user. For purposes oforganization, specific examples and detailed descriptions of attributesand their collection will be described in greater detail in section 2.

In addition, the user profile includes an optional threshold 345. Thethreshold 345 defines the minimum payment required to make it worthwhilefor the user 350 to accept delivery of data. For example, the thresholddefines the payment to the user required for the user 350 to view anadvertisement. In accordance with embodiments of the present invention,there are multiple thresholds associated with a user 350 depending onthe currency of the offer (e.g., cash, frequent flyer miles, discounts)and the content of the data. Section 2 below provides details of theselection and implementation of the threshold 345.

In one embodiment, the collecting of 110, the generating of 120, and thestoring of 130 of FIG. 1 are performed at one of the electronic devicesassociated with the user 350. For example, the collecting of 110, thegenerating of 120, and the storing of 130 are performed at locally atthe client 340. The local performance of these operations protect theprivacy of the user information, and are described in detail in section2.

In another embodiment, at least one of the collecting of 110, thegenerating of 120, and the storing of 130 of FIG. 1 is performed on aremote electronic device that is separate from the electronic devicesthat are associated with the user 350.

Also shown in FIG. 3 is a data source 310. In the present embodiment,the data source 310, or some representative of the data source 310,creates a query 323, a link 325 to data (e.g., an advertisement), and anoptional payment 327 that is paid upon delivery of the data. The query323, link 325, and optional payment 327 combined constitute an offer.The query 323, link 325, and payment 327 are used for the solicitationof the delivery of the data. In one embodiment, the query 323, link 325,and payment 327 are created by the data source 310 and stored on theserver 320. In other embodiments, the query 323, link 325, and payment327 are created in combination with the server 320, or through anotherrepresentative (e.g., a broker). Also, in one embodiment, the storing ofthe offers is implemented through a web application interface hosted bythe data distributor. A full discussion of the creation of the query323, link 325, and payment 327 is provided in section 3, in which thetargeted delivery of data is described from the standpoint of the datasource 310.

In the present embodiment, the data distributor through the server 320broadcasts the query 323, link 325, and payment 327, to all of itsassociated clients in the data broadcast network 300, including theclient 340. The client determines if an associated user profilesatisfies the query. Section 2 describes, in detail, the determinationof whether the user profile satisfies the query.

In other embodiments, the query 323, link 325, and payment 327 are sentto a location other than the client 340 for accessing the user profileinformation and determining if the user profile satisfies the query.That is, the user profile is stored in a location other than the client340, or the determination of whether the user profile satisfies theselection criteria of the target profile occurs at a location other thanthe client 340. Details of various locations for performing thedetermination of whether the user profile satisfies the selectioncriteria of the target profile is provided in section 3, in which thetargeted delivery of data is described from the standpoint of the datadistributor layer.

In one embodiment, if the user profile of the user 350 satisfies thequery 323 and potential payment 327 satisfies the threshold 345, theuser 350 decides whether the delivery of the data associated with thequery 323 is desired in return for the payment 327. On the other hand,if the user profile or the potential payment 327 do not satisfy thequery, delivery of the data is not provided as an option to the user.

The data broadcast network 300 of the present embodiment is able topreserve the privacy of the user 350. In particular, in one embodimentall queries (e.g., query 323) are broadcast to the user 350 withoutrevealing any information about the user 350. In such an embodiment,only when the user 350 decides to accept delivery of the data, and inturn collect the payment 327 does the user 350 intentionally discloseidentity information (e.g., information in the user's profile used tosatisfy the selection criteria). In one such embodiment, the identity ofthe user 350 is only revealed to the data distributor associated withthe server 320. In addition, in another embodiment, to further protectthe privacy of the users in the data broadcast network 300, onlyaggregate data is returned to the advertiser 310.

FIG. 4 is a data flow diagram 400 illustrating the flow of informationin the data broadcast system 300 of FIG. 3, in accordance with oneembodiment of the present invention. In the present embodiment, theclient 340 communicates with the server 320 over the internet 330 toreceive an offer QP 410, which includes a query and potential payment.At the comparator function block 420, the query in QP 410 is testedagainst the user attributes 343. In addition, the potential payment inQP 410 is tested against the threshold 345.

Also, the offer QP 410 is checked for validity. For example, an offer isinvalid after exhausting an advertiser budget. In many embodiments ofthe present invention, the checking for the validity of the offer isperformed at the data distributor layer. For purposes of organization,details for checking the validity of the offer is provided in section 3.

If the user attributes 343 satisfy the query and the potential paymentsatisfies the threshold 345, then at the output of the comparatorfunction block 420, the offer QP 410 is presented to the user in anon-intrusive manner. Details of the offer for the delivery of data areprovided in section 2.

At the acceptance block 430, the user decides whether it is desired tohave the data to be delivered (e.g., for the purposes of watching anadvertisement). If the user chooses to have the data delivered, the data(e.g., an advertisement) 440 is retrieved from the server 320 anddelivered to the client 340 for presentation to the user. The operationsfor the acceptance of the offer for the delivery of data is provided indetail in section 2.

At the monitoring block 450, the present embodiment determines if thedata has been presented to the user (e.g., viewed by the user). If thedata has been presented, then the payment 460, as an incentive, isregistered on the server to the user 350 that is associated with theclient 340. Section 3 below provides a detailed description of thepayment of the incentive.

While the present embodiment of FIG. 4 describes various functions atthe server 320 and the client 340, other embodiments of the presentinvention are well suited to performing these functions at either theserver 320, or the client 340, or any location other than the server 320or client 340, or any combination thereto.

FIG. 5 is a diagram of an exemplary network 500 that is capable oftargeted data delivery between a plurality of data sources and a networkof users, in accordance with one embodiment of the present invention.Network 500 provides more detail to the data broadcast network 300 ofFIG. 3, in one embodiment. In FIG. 5, the network 500 links a pluralityof data sources 510 to a network of users 550 (e.g., user A, user B, onup to user N) for the targeted delivery of data. More specifically, thepresent embodiment links a data source with a particular user for thetargeted delivery of data. Additionally, the network 500 is capable ofachieving delivery of data that is targeted to a user based oninformation in a user profile without requiring a release of the userinformation to protect privacy.

In the network 500, a plurality of data sources 510 exist in a datasource layer above line A-A. For purposes of introduction, a briefdescription of the data source layer is provided here in section 1below. Also, a detailed description of the operations performed at thedata source layer is provided in section 4, in which the targeteddelivery of data is described from the standpoint of the data sourcelayer.

The plurality of data sources 510 includes data sources 511, 513, and515. Each of a plurality of data sources 510 provide data. The dataprovided by a data source includes various forms of information, such asadvertisements, publications, public and private notification alerts,etc. For example, in one embodiment, the data source 510 is anadvertiser. The advertiser uses network 500 to deliver advertisements,as data, to targeted users.

Additionally, the data sources provide selection criteria that iscrucial in identifying users targeted for the delivery of data. Theselection criteria identifies a set of users in the network of users550. That is, the selection criteria is used to identify and targetusers in the network of users 550. For example, the selection criteriaincludes the use of accounting software on a user's computing device tomanage budgets, and other behavioral characteristics that indicate theuser has visited tax help web sites. In this way, a data source thatprovides income tax services is targeted to those users that satisfy thecriteria.

In one embodiment, the data source is a broker between the originator ofthe data and the data distributor 520. For example, the brokerinterfaces with the data distributor 520 for the targeted delivery ofdata. That is, the broker provides the data and the criteria on behalfof the originator of the data.

In the network 500, a data distributor 520 exists in a data distributorlayer between line A-A and line B-B. For purposes of introduction, abrief description of the data distribution layer is provided in section1 below. However, a full description of the operations performed at thedata distribution layer is provided in section 3, in which the targeteddelivery of data is described from the standpoint of the datadistribution layer.

The data distributor 520 is communicatively coupled to the network ofusers 550. The data distributor 520 provides the sole distribution pointfor the delivery of the data from the plurality of data sources 510 tothe users in the network 550. That is, the data distributor 520 providesthe avenue for accessing each of the users in the network of users 550specifically for the delivery of data from the plurality of data sources510.

In one embodiment, the data distributor is a network owner. That is, thenetwork owner owns and provides access to its network of users 550. Forexample, a network owner has an association with a manufacturer of PCs.As such, a buyer of a PC from the manufacturer agrees to become part ofthe network of users 550 for the targeted delivery of data.

For example, the data distributor is the creator and controller of theproprietary network 500. The data distributor 520 receives a cut ofevery transaction equal to a function V(A,B) that is a function of theuser ask price, A, and the bid price, B. The incentive delivered to theuser is limited by A<=V(A,B)<=B. The incentive provided by a data sourcefor the delivery of data is partly paid to the data distributor 520.

In another embodiment, the data distributor 520 is a central serverbroadcasting to all peers over the internet. In another embodiment, thedata distributor 520 is a federation of such central serversbroadcasting to peers over the internet. For example, the datadistributor 520 is associated with the server 320 of FIG. 3.

The data distributor 520 in combination with each of the data sources inthe plurality of data sources generates offers for the targeted deliveryof data. For example, an offer 530 is generated that is associated withone of the data sources in the plurality of data sources 510. The offer530 is used to target the delivery of data. The offer 530 includes aquery 531. The offer 530 includes a link 533 to the data, or any otherform of accessing the data. That is, the offer 530 includes the locationof the data to be offered for delivery, in some embodiments. In otherembodiments, the offer 530 includes the data itself. The offer 530 alsoincludes a bid price that indicates the price paid by the data sourcefor the delivery of data to a user in the network of users 550. That is,the offer 530 also optionally includes an offer of compensation fortaking delivery.

In one embodiment, the offer 530 is generated at the data source, orbroker that represents the data source. In another embodiment, the offer530 is generated at the data distributor. In still another embodiment,the offer 530 is generated at the data source, or broker, and the datadistributor 520 in combination. For purposes of organization, specificexamples and detailed description of the generation of the offer 530will be described in section 4, in which the targeted delivery of datais described from the standpoint of the data source layer.

As shown in FIG. 5, a broadcast layer 540 broadcasts offers from thedata distributor 520 to the network of users 550. The broadcast layer540 is located between line B-B and line C-C. For purposes ofintroduction, a brief description of the broadcast layer 540 is providedin section 1 below. A detailed description of the operations performedat the broadcast layer is provided in section 3.

The method of broadcast include one or a combination of severalpossibilities including, but not limited to: a direct server connectionover the interne, an indirect connection through a peer-to-peer scheme,a data casting method that broadcasts digital messages over an existingtelevision infrastructure.

In one embodiment, the broadcast layer 540 sends offers in variousdistribution patterns. For example, the broadcast layer 540 sends offersto each of the network of users 550, a randomly selected number of usersin the network of users 550, or a demographically selected group ofusers from the network of users 550 (e.g., by geographic location).

In network 500, a user layer is located below line D-D. For purposes ofintroduction, a brief description of the user layer is provided insection 1. Furthermore, a detailed description of the operationsperformed at the user layer is provided in section 2.

In the network 500, each of the network of users 550 is associated witha targeting mechanism (e.g., client software) that operates tofacilitate the targeted delivery of data. The targeting mechanismoperates in the background to track a wide variety of user behaviors.These behaviors include behavioral and personal characteristics, forexample. It should be noted that in accordance with embodiments of thepresent invention, even though the targeting mechanism is operating inthe background, the targeting mechanism is operating with theauthorization of the user for purposes of targeted data delivery. Thatis, unlike conventional spyware which is operating under fraudulentlyobtained or absent any authorization, embodiments of the presentinvention operate with the full knowledge and consent of the user, andoften for the pecuniary benefit of the user.

The user information is organized according to a schema that allowsqueries to be generated that are designed such that user informationthat satisfy the criteria set forth in the query enable the targeting ofdata to users.

This user information is collected and represented as a user profile. Assuch, each of the network of users 550 is associated with a user profilecontaining personal and configuration information related to anassociated user. For example, user A is associated with user profile A,user B is associated with user profile B, and user N is associated withuser profile N.

Also, each of the plurality or network of users 550 is associated with aminimum ask price. For example, user A is associated with ask price 563,user B is associated with ask price 573, and user N is associated withask price 583. The ask price is a form of consideration that is paid inreturn for the delivery of the data. The ask price may be available inmany forms of consideration, such as cash, frequent flier miles,donations, printers, coupons, etc.

The ask price is an economic mechanism designed to monetize the scarcityof consumer attention, in one embodiment. Users will set their ask pricehigher if they are not interested in receiving an increase in the numberof items of data (e.g., advertisements). On the other hand, user willset their ask price lower if they are interested in receiving more itemsof data. In this way, the ask price is used to efficiently deliver thedata to users who are interested in the data.

In another embodiment, the minimum ask price is used to discourage spam.That is, data considered as spam most likely is associated with very lowbid prices in order to distribute the spam data to a large number ofusers. However, users with ask prices higher than the average priceassociated with spam data will not receive the spam data. As such, theminimum ask price is used to discourage the distribution of spam.

As shown in FIG. 5, the location of the targeting mechanism, userprofile, and ask price is variable, in accordance with embodiments ofthe present invention. For example, the targeting mechanism 571, userprofile B, and ask price 573 is located at the electronic device 575(e.g., PC) associated with user B. That is, the targeting mechanisms571, user profile B, and ask price 573 is locally located at the userlayer. As such, the collection of user information for the user profileB and the determination of whether the user profile B satisfies anyquery coming from the data distributor occurs locally. Likewise, thedetermination of whether a bid price coming from the data distributorsatisfies the user's asking price occurs locally.

In another embodiment, the location of the targeting mechanism 561, userprofile A, and ask price 563 is located remotely from the electronicdevice 565 that is associated with the user A. That is, the targetingmechanisms 561, user profile A, and ask price 563 is located between thebroadcast layer 540 and the user layer. As such, the collection of userinformation for the user profile A and the determination of whether theuser profile A satisfies any query coming from the data distributor 520occurs remotely. Likewise, the determination of whether a bid pricecoming from the data distributor satisfies the user's asking priceoccurs remotely.

In still another embodiment, the location of the targeting mechanism581, user profile N, and ask price 583 is located at a server associatedwith the data distributor 520. That is, the targeting mechanisms 581,user profile N, and ask price 583 are located at the data distributorlayer. As such, the offer 530 need not necessarily go through thebroadcast layer 540, in one embodiment. As such, the collection of userinformation for the user profile N, and the determination of whether theuser profile N satisfies any query coming from the data distributor 520,and if a bid price coming from the data distributor satisfies the user'sask price 583 occurs at the data distributor 520, or at a server closelyassociated with the data distributor 520.

In addition, the locations of each of the targeting mechanisms, userprofiles, and ask prices is split amongst various locations shown above,in accordance with another embodiment of the present invention.

The targeting mechanisms are also used to determine if the user profilessatisfy the selection criteria as defined by the queries. For example,for user B, the targeting mechanism 571 determines if the query 531 inoffer 530 is satisfied by the information in user profile B. Only if theselection criteria in query 531 is satisfied by the user profile B, andthe bid price 535 exceeds the ask price 573 is an offer to deliver thedata (e.g., through data link 533) presented to the user B. The bidprice 535 is used as an incentive to entice a user to accept delivery ofdata.

For example, a choice selection is presented to user B, in oneembodiment. The choice selection is presented through one of a number ofmechanisms, such as a popup, a less invasive flashing systray icon, etc.The choice selection includes 1) a choice to view the data (e.g., anadvertisement), or 2) a choice to ignore the data. With this choice, thepurpose of the data and a description of the data source is summarizedfor user B.

In addition, in return for accepting delivery of the advertisement forviewing, user B will receive a payment as consideration. That is, ifuser B chooses to view the data, the data is presented to the user, andonly then is the user's account credited. For example, the credit to theuser's account is made at the data distributor 520.

FIG. 6 is a block diagram of a system 600 for targeted data delivery, inaccordance with one embodiment of the present invention. The system 600is implemented within the data broadcasting network of FIG. 3, forexample in one embodiment. As such, system 600 includes a data source310, a server 320 that communicates with a client 340 through acommunication network 610 (e.g., interne 330), and a user 350.

The remaining components of the system 600 are shown below the dottedline A-A. Representation of these components under dotted line A-Aindicates that one or more of the components are located at the client340, the server 320, or some other remote device communicating throughthe communication network with the server 320 and the client 340.

The system 600 includes a collector 615, a generator 620 and a storingmodule 625. The collector 615 collects user information about a user 350from at least one electronic device that is associated with the user350. In addition, the collector further includes a monitor formonitoring user activity on an electronic device associated with theuser. The generator 620 generates a user profile based on the userinformation. In addition, the storing module 625 stores the userprofile. As such, the user profile is used to achieve delivery of data(e.g., an advertisement) which is targeted to the user 340 based on theuser profile without requiring a release of any of the user informationin the user profile, in one embodiment.

In one embodiment, the collector 615, generator 620, and storing module625 are disposed on an electronic device that is associated with theuser. In another embodiment, the collector 615, said generator 620, andsaid storing module 625 are disposed on a remote electronic device thatis separate from the electronic devices associated with the user.

In addition, the system 600 includes a storage medium 630. The storagemedium stores the user profile associated with the user 350. In thisway, information in the user profile is used to target the delivery ofdata to the user 350.

In one embodiment of the present invention, the system 600 also includesan offer transmitter (not shown). For example, the offer transmitter islocated at the server 320, in one embodiment. The offer transmittersends an offer soliciting delivery of the data to a controller 640 thathas access to the user profile. In one embodiment, the broadcasting ofthe offer is implemented through client polling. Also, in oneembodiment, the controller 640 is co-located with an electronic devicethat is associated with the user 350. In another embodiment, thecontroller 640 is located on a remote device that is separate from theelectronic devices associated with the user 350 from which userinformation is collected.

The offer's query defines selection criteria for selecting targeted userprofiles. In addition, the system 600 also includes a profile comparator645. The profile comparator 645 determines if the user profile satisfiesthe selection criteria.

When the user profile satisfies said selection criteria, a deliverymodule 650 initiates the delivery of the data to the user 350. In oneembodiment, the delivery module is configured to initiate delivery ofthe data to an electronic device associated with the user, where userinformation is collected from the electronic device. In anotherembodiment, the delivery module is configured to initiate delivery ofthe data to an electronic device that does not collect user information.

As shown in FIG. 6, the system 600 also includes optional components, asfollows: the relevancy criteria comparator 660, the offer presentor 665,and the acceptance determining module 670. The relevancy criteriacomparator 660 determines if the offer satisfies a user selectedrelevancy criteria. That is, in one embodiment, the relevancy criteriacomparator 660 determines if a bid price set by the data source 310included in the offer meets or exceeds an ask price defined by the useras the user selected relevancy criteria.

In addition, the system includes an offer presentor 665 for presentingan offer to an electronic device associated with the user for deliveryof the data to the user. The offer is presented when the user profilesatisfies the selection criteria. In another embodiment, the offerpresentor is configured to release a subset of the user information.

In addition, the system includes an acceptance determining module 670.The module 670 is able to determine if the offer has been accepted. Inone embodiment, acceptance of the offer for delivery of data authorizesthe release of a subset of the user information used to determine if theuser profile satisfies the selection criteria. A releaser 676 releasesthe subset of information upon receipt of authorization by the user.

In one embodiment, on delivery of the data, an incentive delivery module672 delivers an incentive to the user, or to a data distributor thatforwards the query, or some combination of the two.

Also, in another embodiment, the system 600 includes a customizer 674.The customizer 674 customizes the data delivered to the user. Morespecifically, the data is customized using the user information.

Section 2 Method and System for Targeted Data Delivery from theStandpoint of the User Layer

Embodiments of the present invention in section 2 are described from thestandpoint of the user layer. For example, the user layer is locatedbelow line D-D in FIG. 5. As such, description of the targeted deliveryof data is described below from the standpoint of the user layer.

FIGS. 7 and 8 in combination illustrate a method and system for thetargeted delivery of data, in embodiments of the present invention. Morespecifically, FIG. 7 is a flow diagram 700 illustrating operationsperformed in a method for targeted data delivery, in accordance with oneembodiment of the present invention. In addition, the components of thesystem of FIG. 8 are capable of implementing the method of FIG. 7, inaccordance with one embodiment of the present invention.

In FIG. 7, the operations performed in flow diagram 700 are performedlocally at the user layer of FIG. 5, in the present embodiment.Similarly, in FIG. 8, components of system 800 perform the operations ofFIG. 7 and are located at the user layer. That is, system 800 is locatedentirely at the user layer, and is controlled by the user without anyoutside intervention. For example, system 800 is implemented entirelywithin the targeting mechanism 571 of the electronic device 575 locatedat the user layer to ensure privacy protection of the user'sinformation.

In addition, continuing with FIG. 5, the user profile B is located atthe electronic device 575, in one embodiment. As such, privacyprotection of the user's information stored in user profile B iscontrolled by the user. In this way, the targeted delivery of data isimplemented without requiring the release of any user information beyondor outside of the user layer. That is, the present embodiment isconfigured such that use of the user information for targeting purposesis limited to the user layer. As such, the user exercises tight controlover the use and release of user information during the targeteddelivery of data.

Operations associated with the components of system 800 are implementedin hardware or software implemented within an electronic device fromwhich the user information is collected. In another embodiment, thecomponents of system 800 are implemented within an electronic deviceother than the electronic device from which the user information iscollected.

In still other embodiments, one or more of the components of system 800are located remotely from the devices associated with the user. That is,one or more of the components of system 800 are located remotely fromthe user layer of FIG. 5. However, in one such embodiment, to ensureprotection of user information, secure communication with the remotelylocated system 800 is employed.

Returning to FIG. 7, at 710, the present embodiment collects userinformation about a user from at least one electronic device that isassociated with the user. That is, user information describingcharacteristics of the user is collected from one or more electronicdevices comprising a set of electronic devices that is associated withthe user. More specifically, each of the set of electronic devices arelocated below line D-D within the user layer of FIG. 5. As shown in FIG.8, the collector 810 collects the user information. In the presentembodiment, the components of the system 800 including the collector 810are located at the user layer of FIG. 5, although in other embodiments,the collector 810 is located at other layers of FIG. 5.

The user information is collected from one or more electronic devicesassociated with the user. That is, any electronic device from whichuseful information can be collected about the user for purposes oftargeting the user for the delivery of data is used. For example,electronic devices from which user information is collected includes,but is not limited to, the following: PC, printer, cell phone, pagers,household appliances, global positioning satellite (GPS) devices,television, personal digital assistant (PDAs), digital cameras, videorecorders, cable set-top boxes, etc.

The user information includes characteristics that help to identify theuser for the targeted delivery of data. These characteristics includepersonal information associated with the user, behavioralcharacteristics exhibited by the user, machine configuration forelectronic devices of the user, etc.

In one embodiment, the user information is collected in the backgroundof the electronic devices. That is, the user information isautomatically collected while the electronic devices are operating. Theuser need not start, nor be acutely aware of, the collection of userinformation, in one embodiment. It should be noted that in accordancewith embodiments of the present invention, even though the collection ofuser information is operating in the background, this collection occurswith the authorization of the user for purposes of targeted datadelivery. That is, unlike conventional spyware which is operating underfraudulently obtained or absent any authorization, embodiments of thepresent invention operate with the full knowledge and consent of theuser, and often for the pecuniary benefit of the user.

In one embodiment, personal information is collected for purposes oftargeting the user for the delivery of data. For example, the user'sname, sex, income, address, zip code, education level, etc. arecollected. Many of these personal items of information are collecteddirectly, or indirectly through inference. For example, the directcollection of personal information is collected from registration formsthe user filled out and registered using the various devices associatedwith the user. In other words, in embodiments in accordance with thepresent invention, these personal items of information are locatedwithin definable spaces of the various electronic devices associatedwith the user.

In other embodiments, the collection of personal information is achievedthrough inference. For example, the stated income level may not be foundin any of the various electronic devices associated with the user.However, based on a zip code that has been previously collected, astated income level is inferred. That is, it is inferred that a userwith a zip code associated with a middle class neighborhood earnsapproximately a middle class income.

As another example, the sex of the user is inferred through variousmeans. In one case, the types of URLs visited provide a clue as to thesex of the user. For example, visits to URLs tailored to cosmetics mayindicate that the user is a female. In another case, the name of theuser may provide an indication as to the sex of the user.

In still other embodiments, the collection of user information includesbehavioral characteristics of the user when interacting with the variouselectronic devices associated with the user. For example, behavioralcharacteristics collected as user information include URL histories,usage of devices, usage of applications, etc.

In one embodiment, the user's search behavior over the internet as abehavioral characteristic is monitored for purposes of targeted datadelivery. For example, raw data is collected to include the various URLsvisited by the user. That is, the user information will identify whichURL the user has visited, such as news groups, chatrooms, blogs, carURLs, printer URLs, etc.

For purposes of illustration only, an example is provided for referencethroughout the application in which a user is interested in purchasingan inkjet printer. The user performs some research over the internet andvisits a URL associated with company A for purposes of researching aninkjet printer provided by company A. For purposes of collectingbehavioral characteristics, the present embodiment is capable ofcollecting the fact that the user has visited the URL associated withcompany A.

In addition, collector 810 of FIG. 8 collects various other raw piecesof information related to web browsing as behavioral characteristics.For example, collector 810 collects timing information in one embodimentin accordance with the present invention. That is, collector 810collects a timestamp that identifies when a particular URL was visited(e.g., time and date). This is useful in determining how many times aparticular URL was visited and with what frequency. Recent activity fora particular URL may indicate great interest in the subject associatedwith that URL.

In addition, various search terms used by the user are collected, bycollector 810, as a behavioral characteristic. That is, in the aboveexample of a user researching printers, the search term “inkjet” iscollected for targeting purposes. This is valuable to an inkjetmanufacturer who is targeting users who are in the market of purchasingan inkjet printer.

In one embodiment, post processing of the raw data collected bycollector 810 is necessary to determine behavioral characteristics. Itmay not be enough to collect that the user has visited a URL. Hence,embodiments in accordance with the present invention implement variouspost processing techniques to obtain further identifying characteristicsof the user. The techniques discussed below show examples of postprocessing for illustrative purposes only and are not intended to beexhaustive.

In one embodiment in accordance with the present invention, postprocessing of the raw data determines if the user really visited theURL. For example, it is valuable to know whether the user just visitedthe URL briefly or interacted with the URL. An examination of whetherthe user scrolled through a page on the URL indicates how long and howinterested the user was in that URL. This behavioral tracking indicatesthat the user not only visited the URL, but was also interested in theURL. As such, this user information is more accurate and relevant foruse in targeted data delivery.

In addition, post processing of URL data indicates that the URLs visitedrecently include specific types of URLs. For example, the URL dataindicates that the user was visiting URLs associated with carmanufacturers and printer manufacturers. This post processing indicatesthat the user is interested in purchasing both a new car and a newprinter. As such, car manufacturers and also printer manufacturersutilize this information for targeted delivery of their URLs.

Other post processing techniques are also be useful in collecting userinformation. For example, in one embodiment, a spelling corrector isimplemented to obtain a true representation of data. Text in e-mails ortext messages from handheld devices are riddled with incorrect spellingsin the interest of time. A spelling corrector in the post processingstage corrects the spelling so that accurate and relevant userinformation is collected.

In another embodiment, logs of e-mails are collected by collector 810when performing the operation described at 710 of FIG. 7. That is, inone embodiment in accordance with the present invention, collector 810collects a log of sent and received e-mails for purposes of targeteddata delivery. Post processing of the e-mails is required to obtainuseful user information. For example, a filtering of the text used inthe e-mails identifies that the user is in the market for inkjetprinters. Other text identifies other behavioral characteristics of theuser, such as being a fan of a particular baseball team, etc. In stillanother embodiment, post processing of downloaded web pages is preformedby scanning text content of downloaded web pages using word frequencystatistics as a possible input source.

Collector 810 of the present embodiment is also well suited tocollecting behavioral activity that is not related to browsing theinterne. For example, in one embodiment, information specifying the useof various devices is collected by collector 810. That is, a userutilizes a number of electronic devices, such as printers, cameras, cellphones, etc. Use of these devices is valuable in targeted data deliveryto manufacturers of those devices since the user may be interested inpurchasing another similar electronic device or accessory relatedthereto.

In addition, in various embodiments in accordance with the presentinvention, collection of location specific information related to theuse of electronic devices is important. For example, the geographiclocations of an electronic device indicates the location of the user ofthat electronic device. User information collected by collector 810 froma user identifies that that user travels a particular route whencommuting to work. Using such information, it is determined that theuser's route passes by a particular supermarket that is also locatedclose to the user's home. The user information also includes how manytimes the user has passed the particular supermarket. In such anembodiment, this information is used to target that user for thedelivery of advertising (e.g., coupons) enticing the user to use thenearby and frequently passed supermarket.

Other information, that is collected by collector 810 when performingthe operation described at 710 of FIG. 7, might indicate that a userstores digital photographs on an electronic device (e.g., a PC). Inaddition, user information indicates that the user prints photographsfrom those digital photograph files. Using the previous example of auser in the market for an inkjet printer, a particular printermanufacturer targets the delivery of advertising for a color inkjetprinter to the user who stores and prints digital photograph files usinga competitor printer.

Still other information that is collected by the collector 810 is thetype of music that the user listens to, in one embodiment. Music trackstypically include additional information that identifies the band,artist and type of music that the electronic device is playing. Thisinformation also is collected and be associated with the user.

In addition, user information that is collected by collector 810includes hardware configuration of the electronic devices associatedwith the user. For example, the particular machine configurations of thevarious electronic devices associated with the user are collected. Thatis, the particular models of the various devices, peripheral components,drivers installed, interconnect connections (e.g., DSL, cable,telephone), and other associated hardware is collected. As such, theuser information includes the model and date of manufacture of theprinter associated with the user. These various hardware configurationinformation indicate when the user may need a new printer cartridge.

In still other embodiments, the software configuration is collected bycollector 810 for purposes of targeted data delivery. That is, the typesand versions of applications that are loaded onto a particularelectronic device (e.g., PC) is collected. In addition, the usage ofthose types of applications is collected by collector 810. For example,information that indicates a software configuration including a highlevel publishing application and additional information indicating highuse of that application are useful in targeting that particular user forprinters that are suitable for desktop publishing.

Additionally, user information indicates how often a particularapplication crashes in one embodiment. If a particular applicationcrashes frequently, a manufacturer of a competitor application uses thisinformation to target the delivery of advertising data to the user whoseapplication frequently crashes.

Still other forms of collection of user information is possible. Forexample, in one embodiment, the collection of user information isachieved through voice over internet protocol (VOIP) technology. Thatis, voice recognition software or VOIP technology is implemented tocollect user information related to a user. As an example, the VOIPtechnology indicates that a user is interested in taking a vacation, inone embodiment. A travel agency uses this information to target thedelivery of trip advertising to this particular user.

Other embodiments of the present invention are able to performpostprocessing of the raw data collected from the electronic devicesassociated with the user to identify which user is associated with thedata. For example, multiple users may have access to an electronicdevice (e.g., a PC). The collection of information associated with theelectronic device is most useful if the data is associated with aparticular user.

Various post processing mechanisms are employed to identify the user.For example, keystroke rhythm and timing are analyzed to determine whichuser is currently using the electronic device. One user is identified ashaving a quick rate of keystroke typing in one embodiment. Another useris identified as having a slower rate of keystroke typing. In addition,users are identified based on the rhythms of the keystroke typing. Asmooth rhythm indicates one user, while a choppy rhythm indicatesanother user.

In still other embodiments, behavioral characteristics of users are usedto identify users using other types of electronic device. This ishelpful in an environment where multiple users are interacting with thesame set of electronic devices. As such, behavior exhibited to aparticular user is correctly associated with that user.

Now returning to FIG. 7, at 720, embodiments in accordance with thepresent invention generate a user profile based on the user informationcollected in 710. Correspondingly, as shown in FIG. 8, user profilegenerator 820 implements the operation described at 720 of FIG. 7. Aswill be described below the user profile generator 820 formats the userprofile to enable the use or selection of particular characteristics forpurposes of targeting users exhibiting those characteristics. In thepresent embodiment, the components of the system 800 including the userprofile generator 820 are located at the user layer of FIG. 5. Morespecifically, in one embodiment in accordance with the presentinvention, the user profile is generated by the user profile generator820 that is contained within the targeting mechanism 571.

In one embodiment in accordance with the present invention, user profilegeneration by the user profile generator 820 is only performed with theexplicit authorization of the user. That is, the user profile generator820 functions under the sole control of the user. As such, in oneembodiment, the user is capable of requesting that user information notbe collected. In another embodiment, the user is capable of deleting theuser profile, or transferring the user profile to another location, ortaking other actions as controlled by the user, etc.

In another embodiment in accordance with the present invention the userprofile is generated by an entity that functions as a proxy to the user.That is, the user specifically authorizes the proxy to generate the userprofile and to perform operations associated with the targeted deliveryof data. For example, an Internet Service Provider (ISP) functions as aproxy, in one embodiment.

As such, wherever the user profile is generated and maintained by a userprofile generator 820, the user has confidence that the user informationin the user profile is not compromised and that the user has controlover that user information. For instance, whether the user profilegenerator 820 is located on the hard drive of the electronic deviceassociated with the user, or the user profile is maintained at the ISP,or on a stored database remotely located from the user, the user profilegenerator 820 is still thought of as an extension of the user'selectronic device, since user information is not required to bereleased.

Furthermore, for purposes of the present application, the term “withoutrequiring a release of any of said user information in said userprofile,” or any substantially similar term or phrase, is intended torefer to the restriction that the user information is not releasedoutside of the system that is implementing the delivery of data. Morespecifically, for purposes of the present application the term “withoutrequiring a release of any of said user information in said userprofile,” or any substantially similar term or phrase, is intended torefer to the restriction that the user information is not required to bereleased beyond a data distribution layer as denoted by line A-A of FIG.5. As described previously with relation to FIG. 5, embodiments of thepresent invention do not require the release of user information beyondparticular layers that define the system. In one embodiment of thepresent invention, the release of user information does not occur beyonda data distribution layer as denoted by line A-A. In another embodimentof the present invention, the release of user information does not occurbeyond a device that is located between a user layer and the datadistribution layer, as denoted between lines C-C and D-D. In stillanother embodiment of the present invention, the release of userinformation does not occur beyond a user layer denoted by line D-D.

In one embodiment, the user profile includes attributes that areassociated with the user information. As such, the attributes representthe characteristics (e.g., behavior, personal information, machineconfiguration, etc.) associated with the user. That is, user informationcollected by collector 810 is transformed into an attribute by the userprofile generator 820. For example, an attribute indicates a URL thathas been visited. Another attribute indicates search terms. Still otherattributes indicate characteristics particular to a user, as previouslydescribed.

In another embodiment, the user profile generator 820 formats theseattributes by grouping the attributes into one or more databases. Thatis, the attributes are stored in a database by the user profilegenerator 820. For example, the database includes attributes indicatingthe URLs visited. The same or another database includes all search termsused. In addition, attributes in the database expire after a period oftime. As such, one or more databases includes all the attributesassociated with user information identifying characteristics of theuser. These attributes are formatted to be included in a particulardatabase for searching. Thus, the attributes are used for the targeteddelivery of data.

In the present embodiment, the database storing the user information islocated at the user layer as described in FIG. 5. For example, the userprofile B is shown stored in the electronic device 575 at the userlayer. In such an embodiment, control over the user informationassociated with the database is tightly monitored by the user ifnecessary.

In other embodiments of the present invention, the user profilegenerator 820 stores the user profile at devices remote from the userlayer. In one such embodiment, the user profile generator 820 stores theuser profile at the data distributor layer (e.g., user profile N), orsome location between the data distributor layer and the user layer(e.g., user profile A). The protection of privacy of the userinformation is paramount even with the remote storage of the database ofuser information. Embodiments in accordance with the present inventionensure a user's privacy by implementing various secure communicationmeans, such as communication over a secure socket layer, communicationusing encryption, and other secure communication approaches well knownin the art.

In still other embodiments, the database of user informationcorresponding to the user profile is split between various locations. Insuch embodiments, the user profile generator 820 stores sensitive userinformation in secure locations at the user layer, or data distributionlayer, or some layer in between. Less sensitive user information (e.g.,public information regarding the user) is stored by the user profilegenerator 820 in less secure areas in various locations (e.g., a generaldatabase at the data distributor 520 of FIG. 5).

Also, the user information in the user profile is used to automaticallyfill out electronic forms, in one embodiment. That is, the userinformation is parsed to select various terms that are applied to anelectronic form.

In one embodiment, the user has editing capabilities with regards to anassociated user profile. That is, the user adds additional informationto the user profile and subtracts information from the user profile.However, the editing capability is limited to prevent user fraud. Forexample, user editing of profiles is limited to prevent a user fromlying about information in the user profile in order to increase chancesfor satisfying selection criteria. In such an embodiment, the user istrying to accumulate incentives tied to the delivery of data withouttruly having an interest in that data. That is, the user is trying tomake money by automatically trying to satisfy as many queries aspossible. Prohibiting the editing of critical features of the userprofile prevents misdirected and fraudulent targeting of users.

As a further example, in another embodiment of the present invention,the user is allowed to add or edit information in certain marked fields,such as “name” or “address.” However, the user is restricted fromediting information in most fields (e.g., URLs visited).

In still another embodiment, fields are editable by users in a limitedfashion. That is, the present embodiment allows changing most fields to“not telling” rather than simply deleting their contents. A “nottelling” value matches neither positive criteria or negative criteria.As such, this prevents a user from hiding the fact that the user did notvisit company C. Thus, the user is prevented from falsely claiming anincentive for an inkjet advertisement from company C, for example.

At 730, the present embodiment receives an offer soliciting delivery ofdata. More specifically, in one embodiment, the offer includes a querythat defines selection criteria of targeted user profiles. In otherembodiments in accordance with the present invention, the offer includesthe location of the data to be offered for delivery or the data itself,and optionally an offer of compensation for taking delivery. Additionalinformation is optionally included within the offer, such as anexpiration period, etc. As shown in FIG. 8, the offer receiver 830 isused to receive the offer. In the present embodiment, the components ofthe system 800 including the offer receiver 830 are located at the userlayer of FIG. 5. To put it into the context of FIG. 5, the offer isreceived at the electronic device 575 that includes the offer receiver830 contained within the targeting mechanism 571. In one embodiment inaccordance with the present invention, the offer is received by theoffer receiver 830 from the data distributor 520 through the broadcastlayer.

The offer is used for the solicitation of the delivery of data, in oneembodiment. That is, the query within the offer is used to determine ifthe user receiving the offer is a user who should be targeted. The offeris not specifically targeted to particular users. Instead, the offer isforwarded to a broad group of users. Thus, the information containedwithin the offer is used to select and target the delivery of data toparticular users, as will be described further below.

In the present embodiment, the query included within the offer includesselection criteria used for targeting one or more user profiles. Thatis, the selection criteria is used to characterize particular users towhom the data is targeted. As such, the selection criteria containscertain characteristics that are important in distinguishing thetargeted user profiles from other user profiles. In this way, deliveryof data is targeted to particular users.

In one embodiment, the selection criteria contains positivecharacteristics of the targeted user. For example, these positivecharacteristics might be actual search terms used, actual URLs visited,actual income, etc.

In other embodiments, the selection criteria contains negativecharacteristics of the targeted user. For example, these negativecharacteristics might be search terms that are not used in conjunctionwith search terms that are used, URLs that have not been visited in aperiod of time, etc.

In one embodiment, the query included within the offer is represented asa Boolean expression. The Boolean expression includes a number ofcharacteristics. The characteristics in the expression are connectedwith “and,” “or,” and “not” Boolean operands. That is, the queryincludes a number of selection criteria connected with the abovementioned operands. In another embodiment, the query is represented asan arithmetic expression.

Using the previous example of a user in the market for an inkjetprinter, the selection criteria may help target or identify a user whois interested in purchasing an inkjet printer. For example, theselection criteria contains characteristics that define a user who has,at least twice, spent time on the URLs of company A and company B, bothof whom manufacture inkjet printers, with pages from each domaincontaining the term “inkjet” and “printer,” but who has never visitedthe URL of company C.

In addition, in another embodiment, to prevent fraud where users try tosatisfy as many selection criteria as possible in order to receiveincentives, the query is conditioned in favor of users who actually havea favorable behavior. For example, in the case of targeted advertising,the query is directed to users who actually make purchases of anadvertised product (e.g., a cosmetic line). In other words, theselection criteria is so specific that it is unlikely that a fraudulentuser can meet all of the specific criteria automatically.

Returning to FIG. 7, at 740, the present embodiment determines if theuser profile satisfies the selection criteria. That is, the user profileis compared against the selection criteria. As shown in FIG. 8, thecomparator 840 is used to access the user profile and to make thedetermination of whether the user profile satisfies the selectioncriteria in the query. In the present embodiment, the components of thesystem 800 including the comparator 840 are located at the user layer ofFIG. 5. To put it into the context of FIG. 5, the determination ofwhether the user profile satisfies the query is made at the electronicdevice 575 that includes the comparator 840 contained within thetargeting mechanism 571.

In embodiments in accordance with the present invention, thedetermination by the comparator 840 that a user's profile satisfies theselection criteria is made without requiring a release of the userinformation. Specifically, the user profile satisfies the selectioncriteria defined in the query. In other words, the determination thatthe user should be targeted for the delivery of data is made in such away that the user has control over the user information utilized, andthe operations performed, by comparator 840 in making the determinationthat the user is a targeted user. As such, this targeting of the user isperformed without requiring a release of the user information.

In accordance with one embodiment of the present invention, thedetermination that the user is targeted for the delivery of data is madeby the comparator 840 at the electronic device 575 associated with theuser. That is, the components of system 800 that operate to perform thetargeted delivery of data are located on the electronic device 575 thatthe user controls. In addition, the user profile and the informationcontained therein are also stored at the electronic device 575 that isin the control of the user. As such, the targeting of the user is madewithout requiring any release of the user information outside of theuser layer of FIG. 5. More specifically, in the present embodiment, thetargeting of the user is made entirely within the electronic device 575,and the user information used to target the user never leaves theelectronic device 575. As such, the user is anonymously targeted for thedelivery of data.

In one such embodiment as mentioned above, components in system 800 arestored at an electronic device in the control of the user. However,other embodiments of the present invention are well suited to storingthe user profile and components of system 800 at a location that isremote from the user and in a secure manner such that the userinformation is still not required to be released. That is, thedetermination that the user profile satisfies the selection criteriausing information in the user profile is made in a secure location thatdoes not require a release of the user information.

For example, referring back to FIG. 5, the targeting mechanism 581 andthe user profile N is located at the data distribution layer which isoutside of the user layer. However, the transfer of the user informationto the data distribution layer for storage in user profile N is madeover a secure data link 587 (e.g., a secure socket layer) that ensuresthat the user information in user profile N is not released.

Moreover, the use of the information by the targeting mechanism 581 tomake the determination of whether the user profile satisfies theselection criteria is made without requiring the release of the userinformation outside of the targeting mechanism. More specifically, theuser N is targeted without requiring a release of information outsidethe data distribution layer. Since the data distribution layer is asecure layer, the user profile N, the targeting mechanism 581, and theinformation used by the targeting mechanism 581 to determine that user Nis targeted for the delivery of data will not leave the secure datadistribution layer. As such, user N is targeted for the delivery of datawithout requiring a release of information.

As such, embodiments in accordance with the present invention arecapable of the targeted delivery of data without requiring a release ofuser information. For purposes of the present application, the term“without requiring a release of any of said user information in saiduser profile,” or any substantially similar term or phrase, is intendedto refer to the restriction that the user information is not releasedoutside of the system that is implementing the delivery of data. Morespecifically, for purposes of the present application the term “withoutrequiring a release of any of said user information in said userprofile,” or any substantially similar term or phrase, is intended torefer to the restriction that the user information is not required to bereleased beyond a data distribution layer as denoted by line A-A of FIG.5. As described previously with relation to FIG. 5, embodiments of thepresent invention do not require the release of user information beyondparticular layers that define the system. In one embodiment of thepresent invention, the release of user information does not occur beyonda data distribution layer as denoted by line A-A. In another embodimentof the present invention, the release of user information does not occurbeyond a device that is located between a user layer and the datadistribution layer, as denoted between lines C-C and D-D. In stillanother embodiment of the present invention, the release of userinformation does not occur beyond a user layer denoted by line D-D.

For example, in one embodiment, the targeting mechanism, a subsystem ofthe system that is implementing the delivery of data is implementedwithin the user layer below line D-D of FIG. 5. That is, thedetermination that a user is a targeted user for the delivery of data isimplemented within this layer. As such, user information is not releasedto entities outside of the user layer.

In another embodiment, the targeting mechanism is implemented within thedata distribution layer between lines A-A and B-B. That is, thetargeting of users is implemented within this layer. As such, userinformation is not released to entities outside of the data distributionlayer. It should be noted however, that even when at least one of thecomponents of FIG. 8 resides within the data distribution layer (e.g.,at data distributor 520), embodiments in accordance with the presentinvention do not require a releasing of the user information. That is,although user information may be utilized by at least one component ofFIG. 8 at the data distribution layer, user information is stillsecurely protected and is not divulged to entities outside of the systemimplementing the targeted delivery of data.

In still another embodiment, the targeting mechanism is implementedwithin a layer between the data distribution layer and the user layer ofFIG. 5. For example, the system is implemented at the system 560 that islocated within a layer defined between lines C-C and D-D. That is, thetargeting of users is implemented within this layer. Again, in thepresent embodiment user information is not released to entities outsideof system 560 that is located at the layer defined between lines C-C andD-D.

In still another embodiment, the targeting mechanism is implementedwithin a combination of the layers of FIG. 5 below line A-A. That is,the targeting of users is implemented within these layers. As such, userinformation is not released to entities outside of these layers.

For example, a manufacturer (e.g., data source 511) who makes a product,widget A, can market widget A to a particular group of customers. Thisgroup of customers is a targeted group. The manufacturer defines thecharacteristics exhibited by the targeted group of customers generally,and these characteristics are used as selection criteria. That is, themanufacturer is not specifically targeting an identifiable customer, buta group of customers that happen to exhibit common characteristics.

Thereafter, in accordance with an embodiment of the present invention,user information is used by a targeting mechanism (e.g., 561, 571, or581) to determine if an associated user (e.g., user A, B or N) meetsthose characteristics. More specifically, the present embodimentdetermines if the user profile satisfies the selection criteria withoutrequiring a release of user information. As such, in accordance with thepresent embodiment, the targeting mechanism (e.g., 561, 571, or 581)waits to receive the selection criteria, and then at that pointdetermines if the user is one of the targeted group by determining ifthe user profile satisfies the selection criteria. At no point is theuser information required to be released, especially to the manufacturerof widget A, the data source 511.

As such, in such an embodiment of the present invention user informationthat a particular user has exhibited particular characteristics (e.g.,performed specific operations on a PC) that indicates potential interestin widget A is not divulged to the manufacturer of widget A. Instead themanufacturer perceives that there may be users who are interested inwidget A, and perceives that these targeted users exhibit perceivedcharacteristics. These perceived characteristics are used to selecttargeted users using the targeting mechanism.

In contrast to embodiments in accordance with the present invention,conventional spyware routinely divulges confidential data to third partysources, thereby compromising the privacy of unsuspecting individuals.For example, a common technique in conventional spyware is to place anapplication on a user's PC to spy on an individual's behavior andactivity. Typically, the user does not want these spying applicationsloaded onto the user's PC. However, the spyware is commonly andsurreptitiously loaded onto the user's PC with authorization that isfraudulently or deceptively obtained. For example, the user unknowinglyaccepts the spyware onto the system when downloading desired files orapplications that unfortunately come packaged with the spyware. That is,spyware is used to spy on information, and spill that information tothird party advertisers so that they can target individuals withunwanted advertisements (e.g., unwanted e-mails). As such, spyware isincapable of providing the targeted delivery of data without requiring arelease of user information, as provided in accordance with embodimentsof the present invention.

For example, a spyware company would gather information for a pluralityof individuals, ship this information to a remote server, create logicalrepresentations of each of these individuals, and then market thisinformation to advertisers. The advertisers can then see whichindividuals can be targeted for specific advertisements.

In a more refined approach, a spyware company would gather informationfor an individual, ship this information to a remote server, create alogical representation of the individual, come to a conclusion that theindividual is in the market for an diamond ring, and markets thatindividual to diamond merchants. That is, the spyware company divulgesinformation about the individual so that interested diamond merchantscan directly contact that individual.

In addition, in direct contrast to embodiments of the present invention,conventional spyware commonly gathers data about the individual and thentransfers the data to a remote site for further processing. In the caseof spyware, personal data is often transferred without the individualeven knowing that the transfer is happening. The transfer frequentlyoccurs in the background when the individual is connected to theinternet. During the connection, the individual's PC is communicativelycoupled to a remote server for the transfer of the personal datadeleteriously gathered by the spyware. This personal data is then usedat a remote location without knowing authorization by the individual.

On the other hand, in embodiments of the present invention, the user istargeted for the delivery of data in a manner that ensures theprotection of the user's privacy. That is, the user information in theuser profile is protected even though it is used to determine if theuser profile satisfies the selection criteria.

The protection of the user information is particularly important if theuser has sensitive user information stored in a user profile that theuser never wants released. For example, the user profile of a userincludes sensitive medical information that might be particularlyprivate or embarrassing to the user. The user may have been doingresearch for a medical condition inflicting the user. As such, the usermay not want this information released to an outside source for fear ofbeing identified as someone having such a condition or affliction.

Embodiments of the present invention are able to protect the user'sprivacy, especially the fact that the user has recently searched websites that are directed to the user's condition, and also anonymouslytarget the user for the delivery of data. That is, the user is targetedfor the delivery of data without requiring a release of userinformation. In such an embodiment, the user continues to freely conductresearch for the user's medical condition, and also be targeted for datarelated to the conditions (e.g., advertisements for medication treatingthe user's condition). Furthermore, the user can be targeted for suchdata without any concern that user information will be traced back tothe user indicating that the user has recently visited web sites relatedto the user's condition.

As another example of the benefits conferred by embodiments inaccordance with the present invention, using the previous example of auser in the market for an inkjet printer, the user may not wantinformation released indicating that the user is interested in an inkjetprinter manufactured by company C. For example, the user may work forcompany A which also manufactures inkjet printers. For whatever reason,however the user favors inkjet printers from a competitor, company C. Ifthe user information were to be leaked that could identify that the useris interested in an inkjet printer from company C and that informationwere obtained by company A, then the user's standing within company Amay be severely compromised. Fortunately, embodiments of the presentinvention allow the user to continue to freely search for inkjetprinters from company C. In addition, these embodiments allow that factto be collected as user information. As such, this user can be targetedfor delivery of data related to inkjet printers from company C under asystem that protects the user's privacy, since there is no requirementthat user information be released for the targeted delivery of data.

Moreover, embodiments of the present invention are well suited toattracting users to a system or network that performs the targeteddelivery of data. Normally, a user may be reluctant to participate in asystem that may be construed as secretly collecting information relatedto that user for fear that the information may be released to others.However, embodiments of the present invention are able to collect userinformation in way that ensures that the user information is notrequired to be released for the targeted delivery of data. That is, theuser knows that the user information is used only for the targeteddelivery of data. As such, embodiments of the present invention are ableto attract users to the system of targeted data delivery, especially ifenticed with incentives for the delivery of data.

Moreover, in embodiments in accordance with the present invention, userinformation is only released upon explicit authorization by the user.That is, in embodiments in accordance with the present invention userinformation is required to be released in order for the user to receivedata and any corresponding incentives. However, the user information isonly released to the data distributor (e.g., distributor 520 of FIG. 5)in a secure fashion and the user information is not further releasedbeyond the data distributor on an individual basis, in one suchembodiment. The data distributor releases user information in anaggregate fashion that does not identify any users. As such, the user'sprivacy is ensured as the user information is never identified with theuser, and is never released in a manner that connects the user to theuser information.

Returning to 740 of FIG. 7, in one embodiment, satisfaction of theselection criteria is performed through a vector matching process. Morespecifically, the vector matching process is represented by a functionF(x), where x is the query. For example, x is the vector defining theselection criteria of the target profile described previously. Althoughvarious embodiments are described using a vector matching process forclarity and brevity, other embodiments are well suited to othertechniques that are capable of determining whether the user profilesatisfies the selection criteria.

In one particular implementation, the query, x, is a vector that takesall of the words of web pages that are theoretically visited by atargeted user. The vector is over a high dimensional space.

In one embodiment, the function F(x) is a dot product of the queryvector and the user profile in vector form. Various techniques are usedto determine if the user profile satisfies the selection criteria asdefined in the query. For instance, in one case, if the dot productexceeds a threshold value, then the user profile satisfies the selectioncriteria.

Also, if the dot product is within a predetermined numerical range, thisindicates a highly valued match. That is, the user profile closelymatches or satisfies the selection criteria. This rating of matches isused to determine the appropriate incentive to be paid to the user forthe delivery of data, as will be described more fully below in relationto 910 of FIG. 9. That is, in accordance with embodiments of the presentinvention a highly valued match will be paid a greater incentive than alower valued match.

In addition, a selection of dot products with random vectors is taken.That is, the function F(x) is a randomly generated function. It shouldbe pointed out, that in other embodiments of the present invention, thefunction F(x) is not a randomly generated function. In one embodiment,the randomly generated function can be used to select a targeted user.For example, the result of F(x) provides numbers that compactlyrepresent a user. This compact representation can be used to filter anddetermine if a user satisfies the selection criteria. In one embodiment,an inference module is used to determine if the compact representationsatisfies the selection criteria.

In one embodiment, if the user profile does not satisfy the selectioncriteria in the query, the offer containing that query is kept for aperiod of time. That is, the offer is stored. For example, in oneembodiment in accordance with the present invention the query is storedat the targeting mechanism 571 used for targeting the delivery of data.At a subsequent time, when the user profile has changed, the userprofile is again compared to the selection criteria to determine if theuser profile satisfies the selection criteria.

Returning to FIG. 7, at 750, the present embodiment determines if thedata should be delivered to the user when the user profile satisfies theselection criteria, in accordance with one embodiment of the presentinvention. A determining module 646 makes the determination of whetherthe data should be delivered to the user. More specifically, in oneembodiment, the determining module 646 presents the offer to the userthrough an electronic device of the set of electronic devices associatedwith the user. As such, the user can actively accept the offer for thedelivery of the data. In one embodiment, the offer includes informationthat indicates which user information in the user profile will bereleased should the user accept delivery of the data. As a result, thedata is delivered when the offer is accepted by the user, andconversely, the data is not delivered when the offer is not accepted bythe user.

At 760 the delivery of data is initiated if it has been determined thatthe data should be delivered to the user. That is, the data is deliveredafter it has been determined that the user has accepted the offer forthe delivery of data, in one embodiment. More specifically, theinitiation of the delivery of data is achieved without releasing anyuser information in the user profile, except for an indication that theuser profile satisfies the selection criteria. In addition, theperformance of the collecting operation at 710, the generating operationat 720, the receiving operation at 730, the determining operation at740, the determining operation at 750 and the initiating operation at750 are performed without requiring a release of the user information inthe user profile except for the indication that the user profilesatisfies the selection criteria.

More specifically, the indication that the user profile satisfies theselection criteria is not required to be released beyond line A-A of thedata distribution layer in FIG. 5, in accordance with one embodiment ofthe present invention. In one embodiment, the indication that the userprofile satisfies the selection criteria does not provide any userinformation, and only informs that the user profile satisfies theselection criteria. In another embodiment, the indication that the userprofile satisfies the selection criteria is limited to user informationthat is used to satisfy the selection criteria. As such, because theuser profile is closely guarded to protect the privacy of the user andsince the determination of whether the user profile satisfies theselection criteria is made in a secure location, user information is notrequired to be released beyond line D-D of the user layer of FIG. 5 forpurposes of targeted delivery of data except for the indication that theuser profile satisfies the selection criteria. Hence, as stated above,the user's privacy is protected in a system that is capable of targeteddata delivery.

In another embodiment, the initiation of the delivery of data isachieved without releasing any user information in the user profilebeyond the user layer. That is, in one embodiment, in determining if theuser profile satisfies the selection criteria, user information is notrequired to be released beyond line D-D of FIG. 5. For example, an offercan be multicasted to a plurality of users. More specifically, the offerforwarded to an electronic device associated with a user includes thequery and either the data, a link to the data, or some form of accessingthe data. If no compensation is required, as soon as the user profileassociated with the user satisfies the selection criteria, initiation ofthe delivery of data is achieved without releasing any user informationin the user profile. That is, the determination that the user profilesatisfies the selection criteria and the initiation of the delivery ofthe data to the user occurs entirely below line D-D of FIG. 5, and doesnot require any release of user information beyond line D-D of FIG. 5.

As shown in FIG. 8, the delivery module 850 initiates delivery of thedata. In the present embodiment, the components of the system 800including the user profile generator 820 are located at the user layerof FIG. 5. To put it into the context of FIG. 5, the initiation of thedelivery of data is performed by the delivery module 850 which iscontained within the targeting mechanism 571.

Various methods for initiating delivery of the data are implemented. Inone embodiment, the message containing the query also contains a link tothe data. As such, once the present embodiment determines that the userprofile satisfies the selection criteria, the link is invoked toinitiate delivery of the data to a display that is viewed by the user.For example, the data is stored at the data distributor 520 of FIG. 5.In one such embodiment, invoking the link activates the delivery of thedata by the data distributor 520 to the user who invokes the link. Inthis way, the user readily receives the data targeted to that user.

In one embodiment, the data is delivered to the user via a display thatis present on the electronic device associated with the user. Thedisplay is any display viewable by the user. In one embodiment, thedisplay is on a PC from which user information is collected. In anotherembodiment, the display is on a device which performs the variousfunctions for targeting delivery of data, such as system 800 of FIG. 8.

In still other embodiments, the display is on any device accessible bythe user. That is, the device is a dumb display, which presents thedata. For example, the display is a television.

In another embodiment, the data is delivered through a standardtelephone communication network. For example, the data is faxed to auser. In another example, the user is directly called in a telemarketingsystem. That is, once the user is targeted, the user is contacted viaphone. The data is automatically played back in a recording to the user,or a telemarketer converses with the user to discuss the data.

In still another embodiment, the data is delivered in the form ofe-mails. That is, once the user is targeted, one or more e-mailscontaining the data is delivered to the user.

Also, in another embodiment the data is customized to the user. That is,before the data is delivered to the user, user information is used totailor presentation of the data to the user. In the example of theinkjet purchase by a user, the data is customized with a comparison ofan inkjet printer of Manufacturer C to inkjet printers of ManufacturersA and B. For instance customizing the data includes text promoting thebenefits of an inkjet printer by Manufacturer C, as follows: “Reasonsthat an inkjet printer from Manufacturer C is superior to inkjetprinters from Manufacturers A or C.”.

Turning now To FIG. 9, a flow diagram illustrating operations fordetermining if an offer for the delivery of data has been accepted isdescribed, in accordance with one embodiment. Additionally, flow diagram900 provides further details related to flow diagram 200B of FIG. 2B.

At 910, the present embodiment determines if a user selected relevancycriteria has been satisfied before the initiation of the delivery ofdata to the user. That is, both the user selected relevance criteria andthe selection criteria must be satisfied before the data is delivered tothe user.

In one embodiment, the relevancy criteria measures the value to the userof viewing the data. That is, the relevancy criteria is an economicmechanism designed to set a value, as consideration, for the user'sattention. For example, the relevancy criteria is some function thattranslates the user's attention to cash, goods, services, etc. As such,the relevancy criteria is a minimum value that is paid as considerationto the user upon delivery of the data and viewing the data. In otherwords, in such an embodiment, an incentive is paid to the user for thedelivery of the data.

In one embodiment, the user selected relevancy criteria is an “askprice” that is selected by the user. That is, the user selectedrelevancy criteria is a minimum ask price that must be met before thedata is delivered to that user. The ask price is included within theuser profile. For example, a bid price is included within an offersoliciting the delivery of data. The bid price indicates the incentivepaid to a user for the delivery of the data to the user, and the viewingof the data if required. As such, before the data is delivered, the bidprice must equal or exceed the ask price in order to satisfy the userselected relevancy criteria.

Other forms of consideration for the relevancy criteria are coupons,frequent flier miles, points that are accumulated for purchasing awards,etc. In one particular embodiment, the user selected relevancy criteriacorresponds to points for the purchase of a PC or printer cartridge, orsome other manufactured goods or services. That is, once the useraccumulates enough points, a free or reduced price PC or printercartridge is made available to the user. In accordance with someembodiments of the present invention, the user is resupplied withprinter cartridges through the receipt of the incentives paid forviewing data targeted to that user.

In addition, there are different relevancy criteria for various types ofdata. For example, a user might have a greater interest in sports thanin treatment medications. As such, the user may want more data relatedto sports and less data related to treatment medications. Thus, onerelevancy criteria is set to a lower threshold to attract sports data,and another relevancy criteria is set to a higher threshold to detractdata regarding treatment medications.

In one embodiment, the relevancy criteria is set using a sliding bar, asshown in FIG. 10. FIG. 10 is a diagram of a display 100 displaying aninterface to an application that provides targeted delivery of data to auser. In the display 100, a sliding bar 1010 under “preferences” setsthe minimum user selected relevancy criteria as a threshold value (e.g.,ask price). As shown in display 100, the threshold is set to sixty-fourcents. Movement of the pointer in the sliding bar 1010 increases ordecreases the threshold. The sliding bar 1010 is shown for illustrativepurposes only as other methods for setting the threshold are used inother embodiments.

In still other embodiments, the relevancy criteria is a constraint setby the user. For example, a threshold limits the number of offers thatare accepted in a month. In one embodiment, if the threshold has beenexceeded, then data will not be delivered to the user. On the otherhand, if the threshold has not been exceeded, then the data will bedelivered to the user. In another embodiment of the present invention,the relevancy criteria is manipulated internally to limit the number ofoffers presented to the user to the requested threshold.

In other embodiments, the relevancy criteria is automatically set. Thatis, based on general criteria set by the user, the relevancy criteria isautomatically selected. For example, the threshold in sliding bar 1010is moved as a function of the number of items of data that have beendelivered to spread out a monthly quota of delivered data.

The interface in display 1000 is reached by invoking the icon 1120 ofFIG. 11. The display 1100 of FIG. 11 illustrates the user interface thatimplements features of the targeted delivery of data when minimized. Atthe bottom tool bar 1140, the ML icon 1120 represents the applicationused for targeting the delivery of data. Block 1130 provides varioususer options available from the minimized application.

In addition, a summary 1110 of the available amount of considerationthat is available to the user is shown. For example, the summary 1110shows that $2.45 in cash is available for the user to earn if they viewall the relevant data. This available amount is repeated in display 1000at block 1020.

Returning to FIG. 9, at 920, an offer is presented for the delivery ofdata when the user profile satisfies the selection criteria. That is,before the data is delivered, the user has a choice of whether or not toaccept delivery of data for viewing, in accordance with one embodiment.For example, the user bases a decision on whether the incentive orpayment associated with the delivery of data is worthwhile to the user.

In accordance with embodiments of the present invention, the offer ispresented to the user in an unobtrusive manner. That is, the offer neednot be blatantly presented to the user, as in a pop-up advertisement inthe conventional art, since the user's attention has already beenfiltered and the user most likely is interested in the data. Forexample, in the display 1000 of FIG. 10, the user interface presents alist of offers available to the user. As shown in FIG. 10, there is oneoffer (“Spam Killer”) that is available to the user. The number ofoffers shown in FIG. 10 will vary depending on how many offers haveselection criteria that are satisfied by the user profile.

Once the option 1030 in FIG. 10 is selected, information is provided tothe user that is related to the offer. For example, a brief summary ofthe data source (e.g., printer company C) is provided. In addition, abrief summary of the data is also provided to the user. Other additionalinformation is provided to the user so that the user may make aninformed decision as to whether the delivery of data is desired. Inanother embodiment, this information is shown directly as part ofdisplay 1000.

Returning to FIG. 9, the present embodiment determines if the user isinterested in the offer at 930. If the user is interested, the presentembodiment proceeds to 940. On the other hand, if the user is notinterested, then the present embodiment ends.

At 940, the present embodiment optionally presents to the user a summaryof the user information that will be released if the offer is accepted.That is, user information that is used to satisfy the selection criteriawill be released to the data distributor if the offer is accepted and issummarized for the user before being released. In this manner, the usercan determine if he wants to release the user information. The releaseof user information is additional consideration for payment of theincentive to the user for accepting delivery of data and viewing thedata.

The user's privacy is protected since only user information that is usedto satisfy the selection criteria is subject to release and not theentire user profile. As such, sensitive user information that the userwould like to keep private would not be released if it is not used tosatisfy the selection criteria. For example, returning to the inkjetpurchasing example, if the user is an employee of printer company A andis using a company computer, the user may not want information releasedindicating that URLs visited included a URL for a competitor of companyA.

At 950, the present embodiment optionally determines if the userauthorizes release of the user information. At 950, the presentembodiment allows the user to stop the release of user information. Thatis, when the user decides that the user information is too private, thepresent embodiment allows the user to deny authorization for the releaseof the user information. When authorization is not given, then thepresent embodiment ends. As such, the delivery of data does not occur.

On the other hand, if authorization is given, then the presentembodiment proceeds to 960 to initiate the delivery of data, aspreviously described in relation to 750 of FIG. 7. That is, the data isdelivered to the user for viewing.

At 970 the user information is released and payment of the incentive ismade. In one embodiment, the information is released to the datadistributor (e.g., data distributor 520 of FIG. 5). In such anembodiment, the privacy of the user information has not beensignificantly compromised since it is in the data distributor's bestinterest to protect the privacy of its users in its network of users. Assuch, the data distributor provides aggregate data without violating anyprivacy interests to the data sources.

Automated viewing of the data facilitates fraudulent manipulation of thetargeted data delivery system in order to automatically receiveincentives paid for the delivery and user viewing of data without theuser themselves viewing the data. That is, fraudulent users who satisfythe selection criteria and the relevancy criteria may try to havesoftware view the data for them. However, in one embodiment, to preventfraud computer generated Turing tests are implemented to defeat theautomated viewing of the data. Other embodiments are well suited toimplementing other means for determining when the data is automaticallyviewed fraudulently.

In another embodiment in accordance with the present invention, data isdelivered before the release of information is authorized. As such, eventhough the data has been delivered and the user has viewed the data, theuser has a last chance to stop the release of user information. That is,when the user decides that the user information is too private, the userchooses to deny authorization for the release of user information. Whenauthorization is not given, the present embodiment ends. However, theincentive associated with viewing the data is not presented to the useras the user did not release the related user information.

In still another embodiment, after the user accepts the delivery of dataand authorizes the release of user information, an additional tag-onoffer is presented to the user for the delivery of additional data. Theadditional data is unrelated or related to the previously delivereddata. For example, an offer is presented to the user for the delivery ofthree future e-mails from the advertiser in return for a cash incentiveof five dollars.

FIG. 12 is a diagram of an exemplary system 1200 that is capable oftargeted data delivery between advertisers and consumers, in accordancewith one embodiment of the present invention. FIG. 12 is presented hereto apply the methods and systems of FIGS. 7-11 in one particularimplementation of targeting the delivery of advertisements.

In FIG. 12, the system 1200 links a plurality of advertisers 1210 to anetwork of consumers 1250 for the targeted delivery of advertisements.More specifically, the present embodiment links an advertiser with aparticular consumer for the targeted delivery of an advertisement. Forpurposes of illustration, the system 1200 is described in the context ofdelivering advertisements, but is also used for the delivery of othertypes of data, such as announcements, messages, etc. Additionally, thesystem 1200 is capable of achieving delivery of an advertisement that istargeted to a user based on information in a user profile associatedwith the consumer without requiring a release of user information in theuser profile to protect privacy.

The architecture of system 1200 functions similarly to the architecturein network 500 of FIG. 5. For example, an advertiser uses a networkowner 1220 to broadcast a offer 1230 through a broadcast layer 1240 toreach a network of consumers 1250. That is, the offer 1230 is propagatedto each of the network of consumers 1250. The offer 1230 includes aquery 1231, an advertisement link 1233, and a bid price 1235. If theselection criteria in query 1231 is satisfied by any of the userprofiles associated with a consumer, then the advertisement is deliveredto that consumer.

In system 1200, client software is installed on PCs sold to users whoparticipate in the network of consumers 1250. In other embodiments, theclient software is installed onto computing devices of the user (e.g.,PC) when the user decides to join the network of consumers 1250. Thatis, the client software is installed after the purchase of the computingdevice. The software operates in the background of the PC and tracks awide variety of user information and behaviors, as previously describedin relation to 710 of FIG. 7. This logged information is put into adatabase which is stored locally on the PC. In other embodiments, thelogged information is stored in a database which is remotely locatedfrom the user and not on the PC.

It should be noted that in accordance with embodiments of the presentinvention, even though the software is operating in the background, thesoftware is operating with the authorization of the user for purposes oftargeted data delivery. That is, unlike conventional spyware which isoperating under fraudulently obtained or absent any authorization,embodiments of the present invention operate with the full knowledge andconsent of the user, and often for the pecuniary benefit of the user.

For example, PC 1251 is associated with a particular consumer. Clientsoftware 1253 is installed on the PC 1251 to track and log userinformation associated with the consumer. The user information isprovided in a user profile 1255 which is stored locally on the PC 1251.Because the user information is stored locally, the consumer has maximumcontrol over the associated data. That is, the consumer has control overwhether information is released from the PC 1251, and when thatinformation is released. In addition, an ask price 1257 associated withthe consumer is stored locally on the PC 1251.

Also, the client software 1253 is used to determine if the user profile1255 satisfies the query 1231. That is, the computation done todetermine if the user profile 1255 satisfies the query 1231 occurslocally on the PC 1251. Further, the computation is performedtransparently to the consumer.

Only when the criteria in the query 1231 is satisfied by the userprofile 1255, and when the bid price 1235 exceeds the ask price 1257will the offer to view the advertisement be presented to the consumer.If the consumer chooses to the view the advertisement, then the networkowner 1220 delivers the advertisement to the consumer for viewing (e.g.,the link 1233 is invoked). In addition, in return for the consumer'sattention, a payment is made to the consumer who is viewing theadvertisement, as depicted at 1260. The payment is a function of theuser ask price, A, and the bid price, B. The incentive delivered to theuser is limited by A<=V(A,B)<=B. In addition, in another embodiment,credit to the consumer is managed by the network owner 1220.

In the present embodiment, the system 1200 operates without anyone otherthan the consumer knowing that the consumer's user profile 1255satisfies the criteria set forth in the query 1231, until the offer isaccepted, at which point the network owner is made aware of informationin the consumer's user profile. Even though the targeting is extremelyspecific (e.g., exploiting a wide range of consumer data) which allowsthe advertiser to reach exactly who they want to reach, this isaccomplished without violating the consumer's privacy because of theprivileged position of the PC as the final stage in the delivery of allcontent.

As a result, the system of FIG. 12 is capable of targetingadvertisements to particular users who exhibit characteristics that theadvertiser thinks are indicative of a potential buyer. Further, theadvertiser is willing to pay, for example, three dollars for theattention of a consumer, if the selection criteria is satisfied.

Section 3 Method and System for Targeted Data Delivery from theStandpoint of the Data Distribution Layer

In section 3, embodiments of the present invention are described fromthe standpoint of the data distribution layer. For example, the datadistribution layer is located between lines A-A and B-B in FIG. 5. Assuch, description of the targeted delivery of data is described belowfrom the standpoint of the data distribution layer.

Embodiments described in conjunction with FIGS. 13A, 13B, and 14 pertainto methods for targeted data delivery and a system for implementing thesame. FIG. 13A is a flow diagram illustrating operations performed in amethod for targeted data delivery in which a query is generated, inaccordance with one embodiment. FIG. 13B is a flow diagram illustratingoperations performed in a method for targeted data delivery in which aquery is accessed, in accordance with one embodiment. FIG. 14 is diagramillustrating a system capable of implementing the methods of FIG. 13A,in accordance with one embodiment.

Although embodiments of FIGS. 13A, 13B, and 14 are described from thestandpoint of the data distribution layer of FIG. 5 for purposes ofclarity and brevity, other embodiments of the same Figures areimplemented from the standpoint of other layers in FIG. 5, as will bedescribed below.

The operations of the methods described in FIGS. 13A and 13B areperformed at the data distribution layer of FIG. 5, in one embodiment ofthe present invention. In addition, in FIG. 14, the components of system1400 which perform the operations of the method of FIG. 13A are locatedat the data distribution layer, in one embodiment. However, otherembodiments of the present invention are well suited to locating thecomponents of system 1400 at the data source layer of FIG. 5, or someother layer between the data source and the data distribution layer. Inone embodiment in accordance with the present invention, the componentsof system 1400 are located on the system of a broker, not shown, whorepresents the data source and generates a query. Still otherembodiments locate the components of system 1400 in a combination of thelayers described above.

Turning now to FIG. 13A, a flow diagram 1300A is described illustratingoperations for targeted data delivery for the generation of a query, inaccordance with one embodiment of the present invention. In the presentembodiment, the flow diagram 1300A is taken from the standpoint of thedata distribution layer in FIG. 5. However, other embodiments of thepresent invention are well suited to performing the method of FIG. 13Aat other layers, or a combination of layers in FIG. 5. That is,generation of the query occurs at the data distribution layer, the datasource layer, or some layer in between, in accordance with embodimentsof the present invention. The method of flow diagram 1300A is used toensure the privacy of user information used for targeting delivery ofdata.

At 1310, the present embodiment accesses selection criteria. Asdescribed previously with respect to FIG. 7, the selection criteriadefines characteristics exhibited by a targeted user for the delivery ofdata. These characteristics are met by the user profile of a targeteduser. That is, the selection criteria is used to determine if the userprofile of a potentially targeted user satisfies the target profiledescribed by the selection criteria.

The user profile comprises user information corresponding to thepotentially targeted user. If the user profile satisfies the selectioncriteria, then the potentially targeted user is a targeted user to whomdata may be delivered. A full discussion regarding user profiles waspreviously presented in conjunction with operation 720 of FIG. 7.

As shown in FIG. 14, a selection criteria accessor 1410 is used toaccess the selection criteria. In the present embodiment, the componentsof system 1400 including the selection criteria accessor 1410 arelocated at the data distribution layer, however, in other embodimentsthe selection criteria accessor 1410 is located at other layers of FIG.5.

At 1320, the present embodiment generates a query for determiningwhether the user profile of the potentially targeted user satisfies theselection criteria. That is, the query is used to determine if thepotentially targeted user is targeted for the delivery of data byinitiating operations that compare the user profile to the selectioncriteria, as previously described above in conjunction with thediscussion of operation 740 of FIG. 7. As shown in FIG. 14, a querygenerator 1420 is used to generate the query. While the presentembodiment describes the query generation as being located at the datadistribution layer of FIG. 5, other embodiments are well suited tolocating the query generator 1420 at other layers of FIG. 5.

Embodiments in accordance with the present invention determine whetherthe user profile satisfies the selection criteria without requiring arelease of any user information in the user profile associated with thepotentially targeted user. In one embodiment, user information is notrequired to be released beyond the data distributor. That is, indetermining if the user profile satisfies the selection criteria, userinformation is not required to be released beyond the line A-A in FIG.5. As such, embodiments in accordance with the present invention arecapable of generating a query that is implemented within a system thattargets users who satisfy selection criteria without requiring a releaseof user information. Thus, the present embodiment maintains the privacyof the user information comprising the user profiles.

In one embodiment, query generator 1420 generates the query in responseto input through a web enabled interface. For example, input enteredfrom a data source is delivered to query generator 1420. The querygenerator 1420 is located at the data distribution layer of FIG. 5, inone embodiment. At that point, query generator 1420 generates the queryfor use in targeting data delivery.

In one embodiment, the query is vetted to see if it is objectionable.For example, before the query is broadcasted in 1330, the datadistributor who forwards the query examines the contents of the query todetermine if the query is searching for objectionable (e.g., veryprivate information such as social security numbers), characteristics ofusers. If the data distributor finds the query is objectionable, thenthe query is rejected before it is broadcasted. In one embodiment, anydata associated with the query is vetted to see if it is objectionable.

For purposes of organization, specific examples and detaileddescriptions of the query generation process will be described ingreater detail in section 4 in which targeted data delivery is describedfrom the standpoint of the data source layer.

At 1330, the present embodiment optionally forwards the query to aplurality of users, including the potentially targeted user. That is,the query is broadly distributed to determine which of the plurality ofusers has a user profile that satisfies the selection criteria and is atargeted user for the delivery of data. In some embodiments, the querymay be accompanied by data, a link to data, or a bid price.

As shown in FIG. 14, in one embodiment in accordance with the presentinvention, query forwarding module 1430 forwards the query to theplurality of users. In the present embodiment, query forwarding module1430 is located at the data distribution layer. In other embodiments,query forwarding module 1430 is located at the broadcast layer of FIG.5.

In embodiments of the present invention, the query forwarding module1430 broadcasts the query to the plurality of users. The queryforwarding module 1430 is a server of the data distributor 520 at thedata distribution layer of FIG. 5, in one embodiment, or one or moreservers of the data distributor 520 in other embodiments.

In one embodiment, the query forwarding module 1430 broadcasts the querythrough the internet. That is, the query is broadcast to the pluralityof users via the internet, such as through a direct server to anelectronic device (e.g., PC). However, other embodiments are well suitedto other forms of broadcasting. For example, the query forwarding module1430 is capable of broadcasting the query through an indirectconnection, such as a peer-to-peer scheme.

Also, query forwarding module 1430 is capable of broadcasting through adatacasting method. The query is sent via a datacast network, such as anexisting television (TV) network, a high definition television (HDTV)network, a HD radio network, satellite radio network, a radio network,or any suitable broadcasting medium. That is, in one embodiment inaccordance with the present invention, the query is delivered to abroadcast antenna and then broadcasted to any user within the coveragearea. The number of potential users is quite large, as datacasting willsend the query to mobile as well as stationary users. For example,various handheld devices (e.g., PDAs, cell phones, etc.) as well aswatches are configured to receive datacast messages. In this way, thequery is anonymously transmitted to a plurality of users at one timewithout any targeting, instead of transmitting the query separately toeach individual user. In another embodiment, the broadcasting of thequery is implemented through client polling

In one embodiment, query forwarding module 1430 is capable of selectingusers to whom the query is broadcasted. For example, query forwardingmodule 1430 sends the query to all of its supported users, or torandomly selected users, or demographically selected users. This reducesthe cost of broadcasting. For example, query forwarding module 1430filters out the users by zip code. As such, the query is broadcast onlyto one or more predetermined zip codes, although query forwarding module1430 is capable of supporting many more zip codes.

In one embodiment, query forwarding module 1430 broadcasts the query instages. For example, the query is broadcast in stages to help determinethe interest in the data. This aids in determining the interest in theassociated data, how quickly a budget could be exceeded or how much abudget would have to be adjusted. For example, an incentive budget isplaced for delivery of data associated with a query. The query is firstsent to one-thousand potentially targeted users, for example, todetermine interest in the data. The sample size is small enough that thebudget will not be exceeded. If the hit rate of targeted users is high,then there is high interest in the data and the budget may be quicklyexceeded. As such, the budget cap may need to be increased beforeanother broadcast is made. On the other hand, if the hit rate is low,then there is lesser interest in the data. As such, the query isdirectly sent to another set of potentially targeted users.

In another embodiment, query forwarding module 1430 charges a fee forbroadcasting the query. For example, a fee of one cent per broadcastedmessage might be charged. Other rate schemes are implemented dependingon the number of queries that are broadcasted by a particular datasource.

Turning now to FIG. 13B, a flow diagram 1300B illustrates operationsperformed in a method for targeting data delivery, in accordance withone embodiment of the present invention. In the present embodiment, theflow diagram 1300B is taken from the standpoint of the data distributionlayer in FIG. 5. That is, the operations in flow diagram 1300B areperformed between lines A-A and C-C.

At 1340, the present embodiment accesses a query for determining whethera user profile of a potentially targeted user satisfies the selectioncriteria. As described previously in 1310, the query includes theselection criteria and is used to select users who satisfy the selectioncriteria for the delivery of data. In the present embodiment, the queryis forwarded to a plurality of users including the potentially targeteduser, at 1330, as previously described in FIG. 13A.

In the present embodiment, the query is generated at a location otherthan the data distributor. That is, the query is generated at a layerother than the data distribution layer of FIG. 5. More specifically, thequery is generated at the data source layer or some other layer betweenthe data source and the data distribution layer. For example, the queryis generated by a data source through a web enabled interface run by thedata distributor, as will be described more fully below in section 4.

FIG. 15 in combination with FIG. 16 illustrate an exemplary system forthe targeted delivery of data in which an incentive is distributed. FIG.15 illustrates a method for targeted delivery of data, and FIG. 16 is asystem for implementing the method of FIG. 15 in accordance withembodiments of the present invention.

Turning now to FIG. 15, a flow diagram 1500 illustrates operationsperformed in a method for targeted delivery of data in which anincentive is distributed, in accordance with one embodiment. Flowdiagram 1500 describes additional operations performed subsequent to theperformance of the operations described in the flow diagrams of FIGS.13A and 13B.

At 1510, the present embodiment presents an offer to a targeted user forthe delivery of data. This offer is presented to determine if thetargeted user wishes the data delivered. The presentation of the offerby the offer presentor 1624 is shown in operation 1 of the data flowdiagram of FIG. 16.

In FIG. 16, a data flow diagram illustrates the flow of information inthe method of FIG. 15, in accordance with one embodiment. As shown inFIG. 16, an offer 1610 containing some combination of the query, data,and ask price is delivered to a receiver in the data distributor 1620.More specifically, the offer 1610 contains the query, in one embodiment.In another embodiment, the offer 1610 contains the query and some formof accessing the data, such as the data itself, or a link to the data.In still another embodiment, the offer 1610 contains the query, someform of accessing the data, and the ask price. As such, in embodimentsin accordance with the present invention, the query is contained in theoffer 1610, or is generated by the data distributor 1620.

In addition, an optional user profile database 1630 is configured to beaccessible by the data distributor 1620. That is, the targetingmechanism is centralized at the data distributor 1620. As such, the datadistributor 1620 is capable of determining which of the plurality ofpotentially targeted users it supports has a user profile that satisfiesthe query. In such an embodiment, the data distributor 1620 stores theuser profiles of its network of users at the optional user profiledatabase 1630. In another embodiment, to ease the considerable burden ofstoring and searching millions of user profiles, the storing andcomputation performed on user profiles are off-loaded to the clientsassociated with the plurality of potentially targeted users, aspreviously discussed in section 2.

In one embodiment, operation 1 may be performed to determine whether theuser profile of the potentially targeted user satisfies the selectioncriteria as defined by the query that is included within an offer. Thatis, the offer is delivered to the user by the offer presentor 1624 inoperation 1. In accordance with embodiments of the present invention,the offer includes the query, and the location of the data to be offeredfor delivery, or alternatively the data itself. Additionally, anoptional offer of compensation (e.g., incentive) for taking delivery isincluded within the offer. Also, additional information is includedwithin the offer, such as expiration period, expiration date, etc.

More specifically, in accordance with one embodiment of the presentinvention, the data distributor 1620 is capable of determining which ofthe plurality of potentially targeted users it supports has a userprofile that satisfies the query. As such, a determining module 1622located within the data distributor 1620 uses the query within the offerto determine if the user profile satisfies the selection criteria. Thatis, in the present embodiment, a user profile accessor 1621 locatedwithin the data distributor 1620 accesses the user profile and acomparator 1623 located within the data distributor 1620 compares theuser profile to the selection criteria.

In the embodiment where the data distributor 1620 performs thecomputation of determining whether the user profile satisfies theselection criteria, then data distributor 1620 is able to filter outtargeted users. As such, delivery of data is targeted to those users(e.g., through user 1640) whose user profile satisfies the selectioncriteria in the query included within the offer. More specifically, inthe present embodiment the offer is forwarded to users whose userprofiles satisfy the selection criteria so that those users candetermine whether to authorize delivery of the data.

On the other hand, in operation 1, if the computation for determiningwhether a user profile satisfies the selection criteria is not performedat the data distributor 1620, then the offer is delivered in a broadcastmessage to a plurality of users, including a user 1640 that is apotentially targeted user, in one embodiment. In such an embodiment, adetermining module (e.g., located within the targeting mechanisms 561,571, or 581 of FIG. 5) that is associated with a particular user usesthe offer to determine if the user profile satisfies the selectioncriteria. That is, in the present embodiment a user profile accessor(e.g., located within the targeting mechanisms 561, 571, or 581 of FIG.5) accesses the user profile and a comparator (e.g., located within thetargeting mechanisms 561, 571, or 581 of FIG. 5) compares the userprofile to the selection criteria. If the comparator determines that theuser profile satisfies the query, then the offer is then presented tothe user for acceptance of delivery of the data.

In accordance with one embodiment of the present invention, an optionalbid price associated with the data is also delivered. That is, a bidprice is presented to the user as part of the offer for the delivery ofdata, in one embodiment. As such, the bid price is used to determine ifthe user is interested in the delivery of data. That is, the bid priceis accessed and compared against a user selected relevancy criteria. Theincentive associated with the data is a function of the bid price. Datais delivered only when the bid price satisfies the user selectedrelevancy criteria. Previously, a full discussion on the delivery of thebid price was presented in relation to FIG. 10. The bid price is shownin FIGS. 3, 4, 5, and 12.

For example, if data distributor 1620 determines if the bid pricesatisfies the user selected relevancy criteria, then an incentiveaccessor 1625 in the data distributor 1620 accesses the incentive (e.g.,bid price) associated with the data. Comparator 1623 in the datadistributor 1620 compares the incentive against the user selectedrelevancy criteria (e.g., ask price). An offer presentor 1624 in thedata distributor 1620 offers to deliver the data when the incentivesatisfies the user selected relevancy criteria.

Returning to FIG. 15, at 1520, the present embodiment delivers data uponacceptance of the offer. Acceptance of the offer is conditioned upon adetermination that the user profile satisfies the selection criteria.For example, delivery module 1626 in the data distributor 1620 deliversthe data. Previous descriptions of the presentation and acceptance ofthe offer was presented in FIG. 9. As shown in FIG. 16, acceptance ofthe offer is illustrated in operation 2, where the user 1640 deliversacceptance of the offer. In such an embodiment, the user authorizes thedelivery of data.

At 1520 of FIG. 15, the present embodiment delivers data to the user1640 upon acceptance of the offer. As shown in FIG. 16, operation 3illustrates the delivery of data from data distributor 1620 to the user1640 whose user profile satisfies the selection criteria. Deliverymodule 1626 contained within the data distributor 1620 delivers thedata. For example, in one embodiment the delivery is implemented whenthe user invokes a link to the data. In such an embodiment, the data isstored at the data distributor 1620 and is delivered to the user 1640upon invoking the link.

In addition, at 1530, optionally, the present embodiment receives asubset of user information upon delivery of the data. For example, areceiver at the data distributor 1620 receives a subset of the userinformation upon delivery of the data. Release of the subset of userinformation from an information receiver (e.g., located at a targetingmechanism 561, 571, or 581 of FIG. 5) is conditioned upon authorizationof the user, in one embodiment. Release of the user information waspresented in conjunction with the discussion of FIG. 9. For example, thereleased information is limited to only the user information used tosatisfy the selection criteria. As shown in FIG. 16, operation 4illustrates the receipt of the user information by the data distributor1620.

In still another embodiment, data distributor 1620 forwards the userinformation to the data source of the data. In still other embodiments,the data distributor 1620 only forwards an aggregate of the userinformation to the data source in the interest of protecting the privacyof the network of users.

At 1540, the present embodiment distributes an incentive associated withthe delivery of data. As shown in FIG. 16, operation 5 illustrates thedelivery of the incentive from an incentive delivery module 1627 of thedata distributor 1620 to the database of accounts 1650. In FIG. 16, thedata distributor 1620 controls accounts for both the user 1640 and thedata distributor 1620. As such, in one embodiment of the presentinvention the distribution of an incentive is made directly to anaccount associated with the user 1640. In another embodiment, thedistribution of an incentive is made directly to an account associatedwith the data distributor 1620. In still another embodiment, theincentives are distributed to accounts associated with the user 1640 andthe data distributor 1620. The various types of incentives (e.g., cash,frequent flier miles, points for goods and services, etc.) have beenpreviously discussed in conjunction with the discussion of FIG. 10.

In one embodiment, data distributor 1620 controls the distribution ofincentives. That is, data distributor determines the allocation of theincentive for the delivery of data. For example, data distributor 1620distributes funds according to a function V(A,B), where A<=V(A,B)<=B.The variable A is the ask price of the user and B is the bid price. Inone embodiment, the delivery of data occurs when the bid price exceedsthe ask price set by the user. As such, the incentive V is set betweenthe ask price and the bid price.

In embodiments in accordance with the present invention, the exact valueof V is determined according to a number of formulas that split thevaluation surplus between the user 1640 and the data distributor 1620.The choice of the formula is important because it creates differentincentives.

In one embodiment, data distributor 1620 distributes the incentive to acombination of the user and the data distributor 1620. For example, thedata distributor allocates a flat fee for every data delivered toitself, and assigns the rest to the user 1640, or allocate incentivesaccording to a percentage of the amount paid for the delivery of data bythe data source (e.g., the bid price), etc.

In addition, other rate schemes are implemented by data distributor 1620in various other embodiments of the present invention. For example,newer users receive a higher portion of the incentives distributed.Older users receive a lower portion of the incentives distributed. Inaddition, data distributor 1620 receives no incentive, or the user 1640receives no incentive.

Section 4 Method and System for Targeted Data Delivery from theStandpoint of the Data Source Layer

Embodiments of the present invention in section 4 are described from thestandpoint of the data source layer. For example, the data source layeris located above line A-A in FIG. 5. As such, description of thetargeted delivery of data is described below from the standpoint of thedata source layer.

Embodiments described in conjunction with FIGS. 17 and 18 pertain tomethods for targeted data delivery and a system for implementing thesame. FIG. 17 is a flow diagram illustrating operations performed in amethod for targeted data delivery in which data and a query aregenerated for targeted data delivery, in accordance with one embodiment.FIG. 18 is diagram illustrating a system capable of implementing themethod of FIG. 17, in accordance with one embodiment.

Although embodiments of FIGS. 17 and 18 are described from thestandpoint of the data source layer of FIG. 5 for purposes of clarityand brevity, other embodiments of the same figures are implemented fromthe standpoint of other layers in FIG. 5, as will be described below.

As such, the operations of FIG. 17 are performed at the data sourcelayer of FIG. 5 in accordance with one embodiment of the presentinvention. In addition, in FIG. 18, the components of system 1800 whichperform the operations of FIG. 17 are located at the data source layer,in one embodiment. However, other embodiments of the present inventionare well suited to locating some or all of the components of system 1800at the data distribution layer of FIG. 5, or some other layer in betweenthe data source and the data distribution layer, for example at a serverof a broker who represents the data source and generates the data andthe query.

Embodiments of the present invention are discussed within the context ofa data source that provides data. For purposes of brevity and clarity,the targeted delivery of advertisements, as data, that are generatedfrom advertisers, as a data source, is used for illustrative purposesthroughout the application. However, although advertisements that aregenerated from advertisers are used for purposes of brevity and clarityin certain examples, the targeted delivery of data generated from datasources is not intended to be limited to the targeted delivery ofadvertisements from advertisers.

Turning now to FIG. 17, a flow diagram 1700 is described illustratingoperations for the generation of data and a query for the targeteddelivery of the data. In accordance with one embodiment, the flowdiagram 1700 is taken from the standpoint of the data source layer inFIG. 5. However, other embodiments of the present invention are wellsuited to performing the method of FIG. 17 at other layers, or acombination of layers in FIG. 5. That is, generation of one or both ofdata and query occurs at the data source layer, the data distributionlayer, or some layer in between, in accordance with embodiments of thepresent invention. The method of flow diagram 1700 is used to ensure theprivacy of user information used for targeting the delivery of data.

At 1710, the present embodiment generates data. The data that isgenerated is any suitable form of data that is targeted to particularusers. It is assumed that the targeted users have a perceived interestin the data.

As shown in FIG. 18, data generator 1810 generates the data. In thepresent embodiment, the components of system 1800 are located at thedata source layer, however, in other embodiments the data generator 1810is located at other layers of FIG. 5.

In one embodiment, for illustrative purposes only, the data that isgenerated by data generator 1810 is an advertisement. The advertisementis generated specifically to appeal to a particular targeted group ofusers. For example, the advertisement promotes a series of reading booksthat are tailored to the education of science to elementary school-agedgirls. More specifically, the books are not textbooks. The targetedgroup of users is the elementary school-aged girls, or the parents ofthose elementary school-aged girls.

As mentioned above, embodiments in accordance with the present inventionare not limited to use with data comprising advertisements. Listed beloware examples of data other than advertisements which are well suited tobeing targeted to users in accordance with embodiments of the presentinvention. For illustrative purposes only, the data that is generated bydata generator 1810 is an announcement, such as public serviceannouncement, business announcement, internal company announcement,professional group announcement, etc. The announcement is targeted to aparticular targeted group of users. For example, in the case of thepublic service announcement, the data generated by data generator 1810is a warning for a flash flood and the data is targeted to a targetedgroup of news media. The warning is targeted to the group of news mediafor further dissemination to the general public. In the case of thebusiness announcement, the data generated by data generator 1810 isbreaking news affecting a price of a stock that is targeted to a groupof users who subscribe to an investment publication. Those users use thedata for their personal investment strategies. In the case of theinternal company announcement, the data is general news particular toemployees of a company. As such, this news is targeted only to thoseemployees. In the case of the professional group announcement, the datagenerated by data generator 1810 is breaking news affecting theactivities of that professional group. For example, the targeted groupof users is medical doctors. As such, the data is breaking newsregarding the efficacy of a particular drug that is widely disseminatedfor public use. In addition, other data are generated by data generator1810 for the targeted delivery of that data.

At 1720, the present embodiment generates selection criteria whichdefine characteristics exhibited by a targeted user. That is, theselection criteria defines characteristics met by a user profile of apotentially targeted user. As such, the selection criteria as generatedby a selection criteria generator 1820 are used to determine if apotentially targeted user is a user to whom the data should be targetedfor delivery. A full discussion on the selection criteria and itscomparison to a user profile is provided in conjunction with adiscussion of the operations of FIG. 7 of section 2. For instance, theselection criteria might contain characteristics (e.g., activity on auser's electronic device, search behavior, income, zip code, etc.) thathelp target or identify a user. In one embodiment, the selectioncriteria as generated by the selection criteria generator 1820 define alocation of an electronic device associated with the potentiallytargeted user. In another embodiment, the selection criteria generatedby the selection criteria generator 1820 include a history of web sitesor URLs visited. In another embodiment, the selection criteria generatedby the selection criteria generator include a history of web sites orURLs that are not visited. In still another embodiment, the selectioncriteria generated by the selection criteria generator 1820 includepositive (e.g., did search URL X) as well as negative characteristics(e.g., did not search URL X).

As shown in FIG. 18, selection criteria generator 1820 generates theselection criteria. In the present embodiment, the components of system1800 are located at the data source layer, however, in other embodimentsthe selection criteria generator 1820 is located at other layers of FIG.5.

In addition, the user profile which is compared against the selectioncriteria includes user information collected from at least oneelectronic device associated with the potentially targeted user. A fulldiscussion on the user information of the user profile is provided inconjunction with a discussion of the operations of FIG. 7 of section 2.For example, user information might contain the user's search behavior,name, zip code, etc.

Further, the selection criteria that are generated by selection criteriagenerator 1820 are used to determine whether the user profile satisfiesthe selection criteria with requiring a release of any user informationin the user profile, in accordance with one embodiment of the presentinvention. In another embodiment, user information is not required to bereleased to a data source. That is, in determining whether the userprofile satisfies the selection criteria, user information is notrequired to be released beyond the line A-A in FIG. 5. Morespecifically, in determining whether the user profile satisfies theselection criteria, user information is not required to be released tothe data source (e.g., 511, 513, or 515) of FIG. 5. As such, userinformation associated with the potentially targeted user that is usedto determine whether the user profile satisfies the selection criteriais not required to be released. In other words, the determination thatthe potentially targeted user is selected as one to whom the data istargeted is made without releasing any of the user information.

In one embodiment, the data includes open faced questions. That is, aquestion is posed to the targeted user. Based on the answer to thequestion, a follow on offer for the delivery of additional data is sentto the targeted user. For example, an open ended question to a targeteduser might ask if the user owns a green car. If the user answerspositively, another additional offer is posed to the user wherein theadditional offer asks if the user would like to see additionaladvertisements.

A close relationship exists between the data as generated by datagenerator 1810 and selection criteria as generated by selection criteriagenerator 1820. In particular, the selection criteria is generated verynarrowly and with great granularity to target data to a specific groupof users. As such, various relationships exist in generating both thedata and the selection criteria.

In one embodiment the data is generated by data generator 1810 beforethe selection criteria are generated by the selection criteria generator1820. That is, the data is generated by the data generator 1810 with ageneral user in mind. Thereafter, selection criteria is created whichpertain to a particular group of users which are targeted for thedelivery of data generated by the data generator 1810. As such, in onecase the selection criteria is more general, and targeted to a widegroup of users. In another case, the selection criteria is morespecific, and is targeted narrowly to appeal to a specific group ofusers. In both cases, the advertisement is identical.

As an example, the data is an advertisement promoting laundry detergent.In one case, the selection criteria are used to describe characteristicsof a homemaker. Targeting of the homemaker through the method of flowdiagram 1700 is a supplement to more traditional forms of advertisingtargeted to the homemaker, such as television advertisements during soapoperas. In another case, the selection criteria describescharacteristics of a college student. In such an embodiment, thetargeting of the college student through the method of flow diagram 1700is more effective than traditional forms of advertising, since collegestudents may not be exposed to television or print advertising.

In another embodiment, the selection criteria are generated by selectioncriteria generator 1820 before the data is generated by data generator1810. That is, the data is narrowly generated with a particular usergroup in mind. In the present embodiment, a specific group of users andtheir characteristics are first determined. Thereafter, the data isgenerated to be targeted to that particular group of users. In thisscenario, data is narrowly tailored to appeal to the specific group ofusers that are targeted.

In the above scenario two different items of data are generated by datagenerator 1810 even though they both promote the same product, forexample a high performance outdoor jacket. In one case, the selectioncriteria generated by the selection criteria generator 1820 narrowlydescribes a group of users who rock climb on a regular basis. Thereafterthe data promoting the outdoor jacket is created to appeal to the rockclimbers as a group of users and includes images of rock climberswearing the jacket. This same selection criteria is used for other data(e.g., rock climbing equipment) that is targeted to that group of rockclimbers.

In another case, the selection criteria generated by the selectioncriteria generator 1820 more generally describes a group of users wholike to wear quality outdoor gear whether walking around town, hiking,etc. The data promoting the outdoor jacket is generated by the datagenerator to appeal to this more general group of users and includesimages of hikers wearing the jacket. In both cases, the advertisement isdifferent.

In still another embodiment, the data generated by data generator 1810and the selection criteria generated by the selection criteria generator1820 are created jointly. That is, the data and the selection criteriaare created simultaneously.

Also, in another embodiment, the data is configured by data generator1810 such that a design module is capable of customizing the data to apotentially targeted user based on user information in an associateduser profile. That is, once the user profile of the potentially targeteduser is determined to satisfy the section criteria, before delivery, thedata is customized to the potentially targeted user using a customizer,not shown. For example, using the example of a user in the market for aninkjet printer, if the query included search terms that included asearch URL of company A, and a non-search of company C, the data iscustomized to include the following terms: “Reasons that company C'sinkjet printers are superior to company A's inkjet printers.”

At 1730, the present embodiment optionally generates a query fordetermining whether the user profile satisfies the selection criteria. Afull discussion describing the operations used for determining whether auser profile satisfies the selection criteria is provided in conjunctionwith a discussion of the operations of FIG. 7 of section 2. As shown inFIG. 18, a query generator 1830 generates the query.

Further, the selection criteria is included within the query that isused for the targeted delivery of data, as previously described inconjunction with FIG. 13 of section 3 in accordance with one embodimentof the present invention. The query is broadcast to a plurality of usersby a broadcaster (e.g., one located at the broadcast layer of FIG. 5).More specifically, the query is broadcast to a controller associatedwith a potentially targeted user. The controller is able to access theuser profile associated with the potentially targeted user and comparethe user profile against the target profile defined by the selectioncriteria to determine if the user profile satisfies the selectioncriteria.

In one embodiment, the selection criteria are modified by selectioncriteria generator 1820 before the query is broadcasted to a pluralityof users. That is, the selection criteria are adjusted by selectioncriteria generator 1820 to pinpoint delivery of the data to a particulargroup of users. For instance, data is generated that is targeted to agroup of users. If it is found that the query used to target delivery ofthe data to the group of users had a low hit rate, then the selectioncriteria used in the query are adjusted before making another broadcast.

In another embodiment, the offer is only broadcast once by a broadcaster(not shown). That is, to discourage fraud, the availability of the datais not repeated so that fraudulent users cannot try afterwards togenerate a user profile that satisfies the selection criteria includedwithin the offer. As a result, if the offer is only broadcast once, thenthere is no incentive to try to simulate the characteristics identifiedby the selection criteria in hopes of generating consideration when thatoffer is repeated in the future.

In still another embodiment, to prevent fraud, the query generated byquery generator 1830 is partially encrypted so that it is difficult todetermine exactly what characteristics are included within the selectioncriteria of a query. In such an embodiment, the risk of broadcasting aquery multiple times and having users guess and simulate thecharacteristics comprising the selection criteria is lower.

At 1740, the present embodiment generates an incentive by incentivegenerator 1840 as compensation or consideration for delivering the datato the potentially targeted user. In the present embodiment, the offerfor the delivery of data includes the incentive. The incentive iscompared against a user selected relevancy criteria to determine if theuser is interested in being presented with the offer. A full discussionof the user selected relevancy criteria is provided in relation to FIG.9 of section 2.

For instance, the incentive is an offer of a certain amount of money,called the bid price, submitted by a data source. The user selectedrelevancy criteria is the minimum amount of money the user requires toview an advertisement, called an ask price. In such an embodiment, thedata is delivered when the incentive bid price meets or exceeds the askprice.

In addition, an incentive limiter 1850 is shown in system 1800. Theincentive limiter 1850 sets a cap on the total amount of incentives thatare distributed for a particular item of data. That is, the incentivelimiter 1850 limits the incentives that are paid to a set of targetedusers whose user profiles satisfy the selection criteria. As such, evenif a user profile of a particular user satisfies the selection criteria,any incentive will not be paid to the user since the cap has beenreached. In still another embodiment, a cap is placed on payments toindividual users. This is also an important tool for limiting fraud. Forinstance, incentive payments are capped to all users associated with aspecific US postal address.

In still another embodiment, the number of users whose user profilessatisfy the selection criteria of an offer and whose asking price fortheir attention is exceeded by the bid price associated with the offeris not known before the distribution of the offer. As such, the cost fordistributing the offer is unknown. This is addressed using caps, randomsampling, message primitives, and voting protocols. For example, in oneembodiment, the costs for distributing incentives are capped byspecifying to users that only the first n number of users whose userprofiles satisfy the selection criteria and accept will receive anincentive. In another embodiment, through random sampling of the userpopulation, the overall cost of an advertisement is estimated to(almost) arbitrary accuracy. In still another embodiment, anonymousmessage primitives are allowed in the system (e.g., through a broadcastlayer that uses a peer-to-peer architecture), and the number of userprofiles that satisfy the selection criteria is determined transparentlyto users, still without violating a user's privacy. In anotherembodiment, internet voting protocols are used to determine the numberof users whose user profiles satisfy the selection criteria.

In addition, the present embodiment is configured such that userinformation is released upon delivery of data. That is, once the presentembodiment determines that a user profile of an associated usersatisfies the selection criteria of a query, and the data has beendelivered for viewing by the user, user information is released ascompensation or consideration of receipt of the data by a receiver(e.g., a receiver at the data distributor 520 of FIG. 5).

In another embodiment, information related to a set of targeted users isreceived by a receiver (e.g., a receiver at a data source of FIG. 5).The information is an aggregate of information compiled from the userinformation received from individual users upon receipt of data. In suchan embodiment, the privacy of each individual user is still ensuredsince information is not identifiable to a particular user.Additionally, in embodiments in accordance with the present invention,user information is only released with explicit authorization by theuser.

FIGS. 19A-F are diagrams illustrating exemplary user interfaces used togenerate an offer for the targeted delivery of data, in accordance withone embodiment. The user interfaces of FIGS. 19A-F are implementedwithin the data source layer of FIG. 5, or by a third party between thedata source layer and the data distributor layer of FIG. 5. In addition,the user interfaces of FIGS. 19A-F are implemented in conjunction withthe data distributor layer of FIG. 5. That is, a server associated witha data distributor of the data distributor layer of FIG. 5 manages theuser interfaces of FIGS. 19A-F that are used to generate an offer forthe targeted delivery of data. For purposes of illustration only, theoffer that is generated in FIGS. 19A-F is related to a spam killerapplication advertisement that is being targeted to a particular groupof users. In one embodiment, the broadcasting of the offer isimplemented through client polling. In addition, values and terms usedas inputs are for illustration only and other embodiments of the presentinvention supports various other values and terms.

Turning now to FIG. 19A, a window 1900A of a user interface forgenerating an offer is shown, in accordance with one embodiment. Thewindow 1900A is a content manager for a system that is capable oftargeted delivery of data. The window 1900A is relevant to a data sourcethat is simultaneously presenting multiple offers for the delivery ofdifferent items of data. For example, as shown in FIG. 19A, two activeoffers are shown. A first active offer presented by the data source isrelated to the heading of “Table PC.” A second active offer presented bythe data source is a TEST offer in row 1909.

Information in row 1907 is provided for the heading of “Tablet PC.” Forexample, the bid price is set to $1.11 in column 1901 and represents theamount of cash as an incentive the data source is willing to pay for thetargeted delivery of data. In addition, a budget of $100.00 total isincluded in column 1903 and represents the maximum incentives thesupplier is willing to pay for the distribution of the data. That is, nomore than $100.00 is to be distributed as incentive for the delivery ofdata. In the next two columns, a creation date is included in column1904 and an expiration date is included in column 1905. Also, in column1906, the status of the offer with the heading of “Tablet PC” isincluded. As shown in FIG. 19A, the offer for the data with the headingof “Tablet PC” is in an active state. In column 1908, further optionsare available. For example, editing of the offer is possible, changingthe expiration date is possible, or deleting the offer is possible.

A button 1902, when invoked, presents exemplary interfaces used togenerate another offer. That is, button 1902 enables entry to theinterfaces of FIGS. 19B-E in order to generate a new offer.

FIG. 19B is a window of an exemplary user interface 1900B that is usedto create an offer for the promotion of the spam killer application, inaccordance with one embodiment of the present invention. In general,FIGS. 19B-E are used to generate a new offer.

At input block 1910, the title of the advertisement is created. That is,the text “Spam Killer” referring to the application being promoted isincluded within block 1910. As such, the offer is being generated topromote the “Spam Killer” application.

At input block 1912, additional information is included that is relatedto the “Spam Killer” application. This additional information ispresented to a potentially targeted user for helping that user decide ifthe “Spam Killer” application is worthwhile to view.

At input block 1915, a method of delivering data is presented. Forexample in window 1900B, a URL is inputted that contains the data, inthis case the advertisement that is promoting the “Spam Killer”application. As such, the offer being generated includes the link to theURL contained in block 1915. If the user profile satisfies the selectioncriteria, as later defined, then the URL at block 1915 is invoked todeliver the data contained within the URL.

Once the blocks in window 1900B have been completed, selection of thecontinue option brings up window 1900C.

FIG. 19C is a window of an exemplary user interface 1900C that is usedto set selection criteria, in accordance with one embodiment. Morespecifically, the user interface 1900C is used to generate selectioncriteria used to identify targeted users. As such, those user profilesthat satisfy the selection criteria are the targeted users to whom thedelivery of data is targeted.

Block 1937 provides a summary of important information associated withthe offer being generated by the user interfaces of FIGS. 19B-E. Forexample, the title of the application is included, along with a briefdescription of the application. The location of the URL where the datais located (e.g., the advertisement) is also included.

The first matching criteria includes the exact terms used in recentsearches. Block 1930, a drop-down field, describes the type of the firstmatching criteria as “Exact Search String.” Input block 1931 includesthe terms or values of the “Exact Search String.” In block 1931, theterm “spam” is used to define characteristics of targeted users. Thatis, the selection criteria is isolating users who have searched theinterne using the “spam” search term.

The second matching criteria includes a visited URL. Block 1933describes the type of the second matching criteria as “URL (visited).”In block 1934, the term “http://howtokillallspam” is used to define thevisited URL for the second matching criteria.

Block 1935 is presented to illustrate that multiple criteria is used todefine characteristics of the targeted users. For instance, another typeof “URL (visited)” is used as a third matching criteria. In such anembodiment, the value is blank until the URL is entered.

Once the input blocks in window 1900C have been completed, selection ofthe continue option brings up window 1900D.

FIG. 19D is a window of an exemplary user interface 1900D that is usedto confirm the matching criteria that is set in window 1900C, inaccordance with one embodiment of the present invention. Morespecifically, the user interface 1900D is used to confirm the selectioncriteria used to identify targeted users.

Block 1947 provides a summary of important information associated withthe offer being generated by the user interfaces of FIGS. 19B-E. Forexample, the title of the application is included, along with a briefdescription of the application. The location of the URL where the data(e.g., the advertisement) is accessed is also included, as well as thedata source that generates the data associated with the offer. In thiscase, the “Test Advertiser” is the provider.

In window 1900D, two selection criteria have been generated. At row1941, the selection criteria for the “spam” search term is presented insummary. At row 1942, the selection criteria for the URL“http://howtokillallspam” is presented in summary. In column 1945, anaction is available to delete either of these selection criteria. Inaddition, selection of option 1949 allows the user to return to window1900C and add another selection criteria, for example.

Once the input blocks in window 1900D have been completed, selection ofthe continue option brings up window 1900E.

FIG. 19E is a window of an exemplary user interface 1900E that is usedto set the budget for the offer created in FIGS. 19B-E, in accordancewith one embodiment of the present invention.

Block 1957 provides a summary of important information associated withthe offer being generated by the user interfaces of FIGS. 19B-E. Thesummary in block 1957 is identical to the summary in block 1947.

Input block 1951 sets the total budget for distributing the offer. Inblock 1951, five thousand dollars is set as the total budget. As such,up to five thousand dollars will be distributed as incentives for thedelivery of the advertisement promoting the “Spam Killer” application,for example in one embodiment.

Input block 1953 sets the individual cap for incentives that are paidfor each delivery of data to a targeted user whose user profilesatisfies the selection criteria of the offer. In this case, a sum of$2.45 is provided as incentive to be distributed. The incentive isdistributed to the user who receives the advertisement, the datadistributor broadcasting the offer, or a combination of the two, inembodiments of the present invention.

Input block 1955 sets the block of time that the offer is valid. In thiscase, a total of 30 days is provided as a window for an active offer.

Once the blocks in window 1900E have been completed, selection of thecontinue option brings up window 1900F. In FIG. 19F, a window 1900F of auser interface for generating an offer is shown, in accordance with oneembodiment of the present invention. The window 1900F is a contentmanager to a system that is capable of targeted delivery of data and issimilar to the window 1900A of FIG. 19A, except for the additional rowof information 1960 indicating the offer generated through the use ofwindows 19B-19E.

The window 1900F is relevant to a data source that is simultaneouslypresenting multiple offers for the delivery of different items of data.For example, as shown in FIG. 19F, three active offers are shown. Afirst active offer presented by the data source is related to theheading of “Table PC.” A second active offer presented by the datasource is a TEST query in row 1909. In addition, a third active offerpresented by the data source is related to the newly generated offerwith the heading of “Spam Killer.”

In accordance with another embodiment of the present invention, aconversion tracking capability is provided for a particular offer. Forpurposes of the present Application, the term “conversion” is intendedto refer to a specific action taken by a user in response to an offer.Typically, the action has some benefit to the originator of the offer.As such, conversion includes hard actions, such as purchasing a product,or soft actions, such as clicking through a web site, or signing up foran electronic newsletter delivered over the internet, etc. In addition,in another embodiment, an incentive (e.g., cash, frequent flier miles,coupons, etc) can be paid to the user and/or the network ownerdelivering the offer when the user performs a conversion. For example, auser is said to convert when they purchase the good being offered bythat advertisement. That is, for a particular offer, the presentembodiment is able to track a future event, such as the conversion of aproduct being promoted in the offer. For example, an offer associatedwith promotional data advertising a tennis racket is tracked. That is,the present embodiment is able to track the total number of tennisrackets being promoted that were sold to the targeted users whose userprofiles satisfy the selection criteria of the offer.

In still another embodiment of the present invention, the cookiesrelated to delivery of the data are automatically blocked. Cookies areused to identify users who have visited a URL, for example. In thismanner, further protection of the identity of the targeted user ispreserved.

In accordance with another embodiment of the present invention, multipleitems of data are generated for a single query. For example, one queryis associated with two or more advertisements for the same product. Thepresent embodiment is able to track the version of the data that ispresented to a particular user and ensure that only one item of data ispresented to that user. For instance, one version of an advertisement ofa single product is only presented to the targeted user.

In still another embodiment, an auction is provided for a particulartype of data that is targeted to one targeted user. For example, oneitem of data (e.g., an advertisement) is promoting vehicle type V and isgenerated by dealer A. At the same time, a second item of data promotingthe same vehicle type V is generated by dealer B. The first and seconditems are not identical. That is, the items of data are tailored to eachindividual dealer, A and B. One item of data is tailored to dealer A forthe promotion of vehicle type V, and the other item of data is tailoredto dealer B for the promotion of vehicle type V. In addition, theselection criteria is configured such that the first and second items ofdata are targeting a single user.

In such an embodiment, the present embodiment employs an auction betweendealer A and B in order to determine which dealer can deliver their itemof data. In this way, additional revenue is generated, and the user isnot bombarded with two advertisements promoting the same product.

Section 5 Business Method for Generating Revenue by Enabling TargetedData Delivery

Embodiments of the present invention are discussed within the context ofelectronic devices that are associated with a user. One electronicdevice, for example is the PC and is used for illustrative purposes.Although the PC is used for purposes of brevity and clarity in many ofthe following examples, other embodiments of the present invention arewell suited to creating networks of users for the targeted delivery ofdata using electronic devices other than PCs.

In one embodiment, manufacturers of PCs can leverage their position tocreate a network of users that are controlled by the PC manufacturer asthe network owner. The PC as a commodity is ubiquitous throughout theworld. As such, the PC is used to efficiently connect data sources(e.g., advertisers) and users through the targeted delivery of data(e.g., advertisements). For example user information collected from PCsis used to efficiently target delivery of data. In one implementation, adata source targets data to users over a communication network based onthe user information. As an added benefit, the targeted delivery of datais accomplished without requiring a release of any of the userinformation absent authorization and consent by the user. As a result,data sources utilize networks, which couple vast numbers of PCs, toelectronically distribute their data to a large audience of PC users.

As a result, the use of the PC for the targeted delivery of dataprovides economic advantages to manufacturers of the PC. In this way,the use of the PC brings an economic benefit both to the user andmanufacturers of the PC. This economic shift to the manufacturer of thePC, for example, would be in direct contrast to another highlycommoditized technology, the television (TV) which provides virtually nomarginal economic benefit to manufactures of the TV with the use oftheir TV product. For example, TVs are ubiquitous and inexpensive. Assuch, manufacturers of TVs marketed to the general public have lowprofit margins. However, even though the television occupies a crucialposition in the chain of delivering content to users, heretofore the useof the TV provides little or no economic benefit to the TVmanufacturers. That is, the conventional use of TVs and PCs directsprofits to the suppliers of content and the suppliers of software thatshape the delivery of content, and not the manufactures of the TVs orPCs.

On the other hand, embodiments of the present invention provide for anetwork architecture that allows PC manufacturers as data distributorsto leverage their position as a supplier and center point of tens ofmillions of PCs in order to obtain an economic benefit from the use ofPCs. This is possible by turning the base of computer users into aproprietary network of users to which data (e.g., advertising) isdelivered. The network architecture of embodiments of the presentinvention is beneficial in that it discourages spam. In addition, thenetwork architecture provides for highly relevant targeted advertisingby exploiting the PC's position as the last link in the delivery ofcontent. Also, the network architecture protects the privacy of all userdata.

FIG. 20 is a flow diagram 2000 illustrating operations in a businessmethod for revenue generation by enabling data delivery to selectedtargets, in accordance with one embodiment of the present invention. Theflow diagram 2000 is capable of providing an economic benefit to networkowners that control access to a network of users.

At 2010, the present embodiment provides access to a plurality ofpotentially targeted users. Access to the plurality of potentiallytargeted users is achieved through a proprietary network, such as avirtual network. For example, in one embodiment, access is providedthrough the data distribution layer of FIG. 5 as the network owner.

As such, the targeted delivery of data provides benefits for networkowners (e.g., data distributors of FIG. 5) who control the proprietarynetwork. In such an embodiment, the network of potentially targetedusers is owned by the network owner, and as such, access to those usersis through the network owner. As such, data is targeted to those usersthrough the network owner. Since the network owner is a control point,it realizes an economic benefit from providing the access to those usersin its network.

At 2020, the present embodiment accesses selection criteria used forselecting user profiles of the plurality of potentially targeted users.The selection criteria is used to identify users to whom delivery ofdata is desired. As such, the selection criteria includescharacteristics of users to whom the data is targeted. For example, theselection criteria defines in one embodiment behavioral activity of thetargeted users on associated electronic devices. In addition, in anotherembodiment, the selection criteria defines a history of web sitesvisited, or not visited, or a combination of both.

In the present embodiment, the user profiles are based on userinformation collected from electronic devices associated with theplurality of potentially targeted users. For example, user informationin one embodiment includes behavioral characteristics of the pluralityof potentially targeted users. A full description of the collection ofuser information from associated electronic devices is provided in FIG.7 of section 2.

At 2030, the present embodiment determines which of the user profilesassociated with the plurality of potentially targeted users satisfy theselection criteria. As such, the present embodiment is able to provideaccess to the user profiles of the plurality of potentially targetedusers in order to determine which of the user profiles satisfy theselection criteria.

More specifically, the selection criteria are included within a querythat is performed to determine which user profiles of a plurality ofpotentially targeted users satisfy the selection criteria. That is, thequery is forwarded to the plurality of potentially targeted users. Thequery is performed against the user profiles of the plurality ofpotentially targeted users to identify which of the potentially targetedusers is a targeted user. A full discussion of the selection criteriaand their use in determining whether a user profile satisfies theselection criteria is provided in FIG. 13A of section 3.

Moreover, the determination of which user profiles in the plurality ofpotentially targeted users satisfy the selection criteria is performedwithout requiring a release of user information in the user profiles. Assuch, the privacy of the plurality of potentially targeted users ismaintained. That is, the network including the plurality of potentiallytargeted users targets the delivery of data by determining if a userprofile satisfies the selection criteria without releasing any of theuser information used to make that determination.

At 2040, the present embodiment enables distribution of data to theusers of the plurality of potentially targeted users whose user profilessatisfy the selection criteria. The data is generated by a data sourcewith the knowledge that the data is delivered to targeted users who aredefined by definable user characteristics and whose user profilessatisfy the selection criteria. As such, the data is tailored to appealdirectly to those targeted users.

At 2050, the present embodiment receives compensation or considerationfor enabling the distribution of data. That is, the present embodimentis able to receive compensation or consideration for enabling thetargeted delivery of data to a plurality of potentially targeted userswhose user profiles satisfy the selection criteria. That is, byproviding access to a plurality of potentially targeted users through aproprietary network, an economic platform is created that generatesincome for the targeted delivery of data to users whose user profilessatisfy the selection criteria.

In one embodiment, the source of the data provides the compensation tothe network owner who controls access to the plurality of potentiallytargeted users. For example, the data source is an advertiser who isinterested in the targeted delivery of advertisements, in oneembodiment.

In another embodiment, the network owner who controls access to theplurality of potentially targeted users is a search engine. In such anembodiment, the search engine provides the network to perform thetargeted delivery of data and, as such receives compensation for thetargeted delivery of data to user profiles that satisfy the selectioncriteria.

In still another embodiment, the network owner who controls access tothe plurality of potentially targeted users is an interne serviceprovider (ISP). In such an embodiment, the ISP provides the network toperform the targeted delivery of data and, as such receives compensationfor the targeted delivery of data to user profiles that satisfy theselection criteria.

In still another embodiment, the user to whom the data is deliveredreceives compensation. For example, an incentive as compensation orconsideration is paid to the user for the user's attention in receivingand viewing the data. In that case, the offer for the delivery of dataincludes the incentive that is generated as consideration for thedelivery of the data to a targeted user. The incentive is used todetermine if a targeted user deems it worthwhile to receive the data,and as consideration for the delivery of the data. A full discussion ofthe satisfaction of the user selected relevancy criteria is presented inrelation to FIG. 9 of section 2.

As a result, embodiments in accordance with the present invention enablethe ubiquitous PC to be converted from a commodity with low profitmargins to a revenue generating device. Other embodiments in accordancewith the present invention are well suited to converting other lowmargin electronic devices to a high revenue generating appliance. Forexample, other low margin electronic devices include, but are notlimited to, videocassette recorders (VCRs), personal digital assistants,cell phones, etc.

More specifically, embodiments in accordance with the present inventionprovide for after market revenue generation of these PCs and other lowmargin electronic devices. That is, instead of ending the economicrelationship between a user who has purchased of one of these low marginelectronic devices that are commodities, embodiments in accordance withthe present invention establish an on-going economic relationship withthe user. The relationship can extend for the lifetime of the user.

Embodiments in accordance with the present invention encourageparticipation of users by providing economic incentives and awards tothe user. Specifically, by a user participating in a data deliverynetwork, the present embodiments provides incentives to the user forviewing data that is relevant to the user's interests. Other embodimentsreduce the amount of user's attention given to unwanted data. As such,embodiments of the present invention provide an economic and timebenefit to the user.

In addition, the owner of the data delivery network (e.g., the datadistributor) receives payment for delivering data to the user, inaccordance with embodiments of the present invention. That is, byproviding the network that allows access to the user and other users,embodiments of the present invention provide for revenue generation tothe data distributor for the targeted delivery of data. The larger thenetwork of users, the larger the revenue stream flowing to the datadistributor. Also, the revenue flow per user can be timeless. That is, auser may participate within the data delivery network for the lifetimeof the user if the incentives make it worthwhile to stay for theextended period.

Moreover, embodiments in accordance with the present invention arecapable of providing the targeted delivery of data while maintaining theprivacy of the users. As such, embodiments of the present invention areable to develop good will amongst the network of users that participatein the targeted delivery of data. This in turn develops a core of loyalcustomer users who are comfortable in receiving the targeted delivery ofdata, while at the same time receiving an economic incentive.

Hence, embodiments in accordance with the present invention provide forthe extension and creation of a relationship with a user through acommoditized electronic device. As such, embodiments in accordance withthe present invention are able to continue the relationship beyond thesale of the electronic device, and further are capable of generatingrevenue both for the user and the owner of the network (e.g., datadistributor) that provides the targeted delivery of data. This revenuestream conceivably can last the lifetime of the user.

Section 6 Business Method for Generating Increased User Interest andEfficient Allocation of Advertising Resources by Enabling Targeted DataDelivery

FIGS. 21 and 22 utilize the methods and systems as presented in theFIGS. 1-19 to provide increased user interest in the delivery of dataand the efficient use of advertising money when advertising.Specifically, embodiments of the present invention of FIGS. 21 and 22are capable of being implemented within the network structures of FIGS.5 and 12 for the targeted delivery of data. That is, users areidentified and targeted for the delivery of data without requiring arelease of any user information.

FIG. 21 is a flow diagram 2100 illustrating operations in a businessmethod for generating increased user interest in a particular item ofdata by enabling delivery of the data to selected targets, in accordancewith one embodiment of the present invention. Embodiments of flowdiagram 2100 are able to perform targeted delivery of data to generateincreased interest in data while protecting the privacy of targetedusers. Because embodiments of the present invention are able to deliverdata to targeted users within a proprietary network, a revenue stream isgenerated related to the targeted delivery of data.

At 2110, the present embodiment generates data targeted to usersexhibiting definable user characteristics. That is, data is generatedwith the knowledge that the data will be delivered to targeted users whoare defined by the definable user characteristics. As such, the data istailored to appeal directly to those targeted users. Since the data willnot be received by users other than the targeted users, concernsrelating to the creation of the data relevant to those users other thanthe targeted users do not need to be addressed. Generation of data isfully described in relation to FIG. 17 in section 4.

At 2120, the present embodiment generates selection criteria based onthe definable user characteristics. This selection criteria is used toidentify users to whom delivery of data is desired. The selectioncriteria includes characteristics of users to whom the data is targeted.For example, the selection criteria defines, in one embodiment, requiredbehavioral activity of the potentially targeted users on associatedelectronic devices. In addition, in another embodiment, the selectioncriteria defines a list of web sites that must have been visited, or notvisited, or a combination of both.

More specifically, the selection criteria is included within a querythat is generated. The query is used to target delivery of the data. Thequery is forwarded to a plurality of potentially targeted users. Theselection criteria is used to determine potentially targeted users whoseuser profiles satisfy the selection criteria. That is, performance ofthe query determines which user profiles of a plurality of potentiallytargeted users satisfy the selection criteria. A full discussion of thequery and its use in determining whether a user profile satisfies theselection criteria is provided in FIG. 13A of section 3.

In one embodiment, the data is associated with an incentive that isgenerated as consideration for the delivery of the data to a targeteduser. In one embodiment of the present invention, the incentive isincluded within the offer for the delivery of the data. The incentivedetermines if a targeted user deems it worthwhile to receive the data,and as consideration for the delivery of the data.

As such, the incentive is compared against a user selected relevancycriteria of said targeted user. For example, the incentive includes anincentive bid price, such that the targeted user's relevancy criteria issatisfied by the incentive when the incentive bid price meets or exceedsthe user ask price defined by the user selected relevancy criteria. Theincentive is used to determine which of those users whose user profilessatisfies the selection criteria are willing to consider the associatedoffer of data delivery. A full discussion of the satisfaction of theuser selected relevancy criteria is presented in relation to FIG. 9 insection 2.

In addition, in return for the delivery of the data, the network ownerreceives user information that was used to determine if an associateduser profile satisfies the selection criteria. This information is usedto further refine the selection criteria for targeted users in thetargeted delivery of data, in one embodiment.

Moreover, the determination of which user profiles in the plurality ofpotentially targeted users satisfy the selection criteria is performedwithout requiring a release of user information in the user profiles. Assuch, the privacy of the plurality of potentially targeted users ismaintained. That is, a network including the plurality of potentiallytargeted users targets the delivery of data by determining if a userprofile satisfies the selection criteria without releasing any of theuser information used to make that determination without authorizationor consent.

At 2130, the present embodiment generates increased user interest forthe data by distributing the data only to targeted users. That is, thedata is efficiently delivered only to potentially targeted users whoseuser profiles satisfy the selection criteria. In that way, if desired,the targeted delivery of data to potentially targeted users whose userprofiles do not satisfy the selection criteria is avoided. As such, thedata is distributed only to users who are perceived to be highlyinterested in the data, as opposed to distributing data to a wideaudience through conventional means that includes users who are highlyinterested, mildly interested, and not interested in the data. As aresult, because the delivery of the data is specifically targeted tousers who have high interest in the data and the users know this, ahigher degree of interest is generated in the data than would occur ifthe data were broadly distributed to a wide audience.

In one embodiment, for efficient distribution, the query is broadcastedto the plurality of potentially targeted users. More specifically, thequery is broadcasted to a controller associated with a potentiallytargeted user. The controller is capable of comparing a user profile ofan associated potentially targeted user against selection criteria todetermine if the user profile satisfies the selection criteria. A fulldiscussion of the broadcasting of the query is provided in relation toFIGS. 13A and 13B of section 3.

In one embodiment, to more efficiently target the data, the selectioncriteria are adjusted based on changes to the definable usercharacteristics exhibited. That is, if the definable usercharacteristics of the desired users change throughout the life of anoffer, the selection criteria are adjusted to reflect those changes. Inthat case, new and refined selection criteria are generated that areused to determine which of the potentially targeted users have userprofiles that satisfy the selection criteria.

FIG. 22 is a flow diagram 2200 illustrating operations in a businessmethod for efficiently allocating advertising resources by enablingdelivery of the data (e.g., advertisements) to selected targets, inaccordance with one embodiment of the present invention.

Embodiments of the present invention are described within the context ofthe targeted delivery of data, and more specifically to the targeteddelivery of an advertisement. Because embodiments of the presentinvention are able to deliver the advertisement to only targeted users,the costs per conversion are minimized. Embodiments of FIG. 22 of thepresent invention are discussed within the context of deliveringadvertisements, but other embodiments are well suited to the targeteddelivery of data that are not advertisements.

At 2210, the present embodiment generates data (e.g., advertisements)targeted to users exhibiting definable user characteristics. Theoperation executed in 2210 is similar to the operations of 2110 of FIG.21. A full discussion devoted to the generation of data is provided withrespect to 2110 of FIG. 21.

At 2220, the present embodiment generates selection criteria based onthe definable user characteristics, such that a query comprising theselection criteria is performed to determine which user profiles of aplurality of potentially targeted users satisfy the selection criteriawithout requiring a release of user information in the user profiles.The selection criteria includes characteristics of users to whom thedata is targeted and is included within the query. The operationexecuted in 2220 is similar to the operations of 2120 of FIG. 21. A fulldiscussion devoted to the generation of selection criteria is providedwith respect to 2120 of FIG. 21.

At 2230, the present embodiment efficiently spends an advertising budgetrelated to the distribution of the advertisement by delivering theadvertisement to potentially targeted users whose user profiles satisfythe selection criteria. That is, advertising money related to thedistribution of the advertisement, as data, is efficiently spent byusing a system that is capable of highly satisfactory conversion rates.Efficient spending of the advertising budget is achieved, even thoughthe cost per user for delivery of the data may be higher, because theadvertisement is delivered only to interested users, which are morelikely to perform an action that converts the advertisement. Forexample, the advertisement is delivered directly users whose userprofiles satisfy the selection criteria. Moreover, advertisingexpenditures are focused on interested users by only delivering theadvertisement to potentially targeted users whose user profiles satisfysaid selection criteria.

As such, since the advertisement is only delivered to interested users,advertising expenditures need not be unnecessarily expended for thedelivery of the advertisement to users who are not interested in theadvertisement. That is, the present embodiment is capable, if desired,of avoiding delivery of the advertisement to potentially targeted userswhose user profiles do not satisfy the selection criteria.

In addition, the present embodiment generates increased user interestfor the data by distributing the data only to targeted users. That is,the data is delivered only to potentially targeted users whose userprofiles satisfy the selection criteria. As such, the data isdistributed only to users who are perceived to be highly interested inthe data. As a result, because the delivery of the data is specificallytargeted to users who have high interest in the data and they know this,a higher degree of interest is generated in the data than would occur ifthe data were broadly distributed to a wide audience. It is easier andcheaper to attract the attention of a user to an advertisement the userknows is likely to be interesting than to one the user expects to beuninteresting.

In another embodiment, increased interest in the data is generated bymarking the data that is delivered to users whose user profiles satisfythe selection criteria. That is, the data is marked in such a way toindicate that the data has been delivered to a user because theassociated user profile satisfies the selection criteria. In thismanner, the user can immediately distinguish data of greater interest tothe user because of the marking that indicates that the data has beendelivered because an associated user profile has satisfied the selectioncriteria.

Further, the targeted delivery of data provides economic benefits fornetwork owners (e.g., data distributors of FIG. 5) who control aproprietary network, such as a virtual network in embodiments of thepresent invention. The network of users is owned by the network owner,and as such, access to those users is through the network owner. Assuch, data is targeted to those users through the network owner. Sincethe network owner is a control point, it realizes an economic benefitfrom providing the access to those users in its network.

As such, in one embodiment, a distributor of the data receivescompensation or consideration for enabling the targeted distribution ofdata. That is, the present embodiment is able to provide compensation orconsideration to the distributor upon delivery of the advertisement topotentially targeted users whose user profiles satisfy the selectioncriteria. That is, by providing access to a plurality of potentiallytargeted users through a proprietary network controlled by thedistributor, embodiments in accordance with the present inventionestablish an economic platform that generates income to the distributorfor the targeted delivery of data to users whose user profiles satisfythe selection criteria.

In still another embodiment, the data distributor who forwards the offerto targeted users whose user profile satisfy the selection criteriareceives compensation or consideration. That is, the data distributorreceives compensation for delivering the offer to a user even though ithas not yet been determined if the user accepts the offer for thedelivery of the data.

In another embodiment, the distributor who controls access to theplurality of potentially targeted users is a search engine. In such anembodiment, the search engine provides the network to perform thetargeted delivery of data and, as such receives compensation for thetargeted delivery of data to users whose user profiles satisfy theselection criteria.

In still another embodiment, the distributor who controls access to theplurality of potentially targeted users is an internet service provider(ISP). In such an embodiment, the ISP provides the network to performthe targeted delivery of data and, as such receives compensation for thetargeted delivery of data to users whose user profiles satisfy theselection criteria.

Also, in still another embodiment, the user to whom the data isdelivered receives compensation or consideration. For example, anincentive as compensation or consideration is paid to the user for theuser's attention in receiving and viewing the data. That is, anincentive payment associated with the query is paid to potentiallytargeted users whose user profiles satisfy the selection criteria and towhom the advertisement is delivered.

In addition, in another embodiment, the incentive determines if atargeted user deems it worthwhile to receive the data. That is, an offeris shown only to targeted users whose user selected relevancy criteriameets or falls below the incentive. A full discussion of thesatisfaction of the user selected relevancy criteria is presented inrelation to FIG. 9 of section 2.

Accordingly, various embodiments of the present invention disclosemethods and systems for targeted data delivery. Embodiments of thepresent invention provide for protection of user privacy. In addition,other embodiments of the present invention provide the aboveaccomplishments and provide for more efficient advertising by targetingadvertising to interested recipients. Also, other embodiments of thepresent invention provide the above accomplishments and also discouragespam through a filtering mechanism through the preprocessing of messagesto determine if they meet a relevancy criteria set by the user. Inaddition, embodiments of the present invention are able to provide anincoming revenue stream from commodity electronic devices after theinitial sale of the electronic device (e.g., PCs). Various otherembodiments achieve the above accomplishments and generate increaseduser interest for data by distributing data only to targeted users.Still other embodiments achieve the above accomplishments and also moreefficiently advertise by delivering the advertisement to only users whoare interested in it.

While the methods of embodiments illustrated in flow charts 100, 200A,200B, 700, 900, 1300A, 1300B, 1500, 1700, 2000, 2100 and 2200 showspecific sequences and quantity of operations, the present invention issuitable to alternative embodiments. For example, not all the operationsprovided for in the methods presented above are required for the presentinvention. Furthermore, additional operations can be added to theoperations presented in the present embodiments. Likewise, the sequencesof operations can be modified depending upon the application.

Section 7 Method and System for Anonymous Reporting of Impressions,Clickthroughs, and Conversions of Targeted Data

As an overview, the discussion above describes the targeting of data toa user 350 based on a user profile. Specifically, data is targeted tothe user 350 without releasing any user information in a user profileassociated with the user 350. The user profile is used to target thedata to the user 350. As such, the privacy of the user 350 is maintainedthrough the process of targeting data to the user 350. The followingsection extends the scope of protecting the privacy of a user 350 whenreporting impressions, clickthroughs, and conversions by the user 350 oftargeted data. That is, embodiments of the present invention are capableof providing anonymous reporting of targeted data impressions,clickthroughs, and conversions associated with a user 350.

Advertisers determine the value of online advertisement spots throughvarious measurable metrics. For instance, the number of impressionsdiscloses the number of times an advertisement is shown to a user 350.Also, the number of clickthroughs discloses the number of times any user350 clicks on a given advertisement. Furthermore, the number ofconversions discloses the number of times a user 350 buys something froman advertiser after viewing an advertisement. These metrics arenecessary to properly bill advertisers since advertising rates can bebased on the number of impressions, or clickthroughs, or conversions. Inthis way, the advertiser is able to select and produce efficientadvertisements that maximize conversions.

Accordingly, embodiments of the present invention are able to collectmetric information in aggregate from a plurality of users without a lossof privacy. In particular, embodiments of the present invention are ableto provide anonymous reports of user activity to a data distributor 520of FIG. 5 (e.g., network owner), thus preserving the privacy of the user350. Further, the metric information that is collected preserves privacyof individual users since it cannot be inferred that a given report isassociated with a given user when there are large numbers of pairs ofanonymous reports and users, in accordance with embodiments of thepresent invention. That is, through anonymous reporting by the users ofa network, the data distributor 520 is unable to determine whichimpressions, clickthroughs, and conversions are associated with whichusers.

FIG. 23 is a flow chart 2300 illustrating a computer implemented methodfor anonymous reporting, in accordance with one embodiment of thepresent invention. In particular, the present embodiment is able totrack impressions, clickthroughs, and conversions from a particular userin relation to targeted data and report the tracked information withminimal privacy loss. Moreover, the present embodiment is able to ignorereported impressions, clickthroughs, and conversions from machines thatnot are clients 560, 575 of the system for targeted data delivery aswell as multiple reports for the same period for the same client 560,575. It does this by giving at most one different signed authorizationnumber to each client 560, 575. Combined with a limit on how manyimpressions, clickthroughs, and conversions any one client can report ata time, this prevents hostile entities from significantly tampering withthe aggregate results, such as when the rivals of an advertiser X mightwish to greatly increase the number of reported conversions foradvertiser X's advertisement in order to raise advertiser X's bill fromthe data distributor 520.

The operations performed in 2310, 2320, and 2330 are analogous to theoperations in part performed in 710, 720, and 770, respectively, of FIG.7, in accordance with one embodiment of the present invention. That is,the present embodiment is capable of collecting user information,generating a user profile based on the user information, and storing theuser profile, such that the user profile can be used to achieve deliveryof data, which can be targeted to the user 350 without requiring arelease of any of the user information in the user profile usingtechniques previously discussed in relation to FIGS. 1, 2A, 2B, 7, 9,and others. Generally, the operations in FIG. 23 utilize the methods andsystem as presented in FIGS. 1-22 to provide targeted data delivery andthe anonymous reporting of user activity associated with the targeteddata, in accordance with one embodiment of the present invention.

For instance, at 2310, the present embodiment collects user informationabout a user 350 from at least one electronic device that is associatedwith the user 350, as in 710 of FIG. 7. For example, the userinformation describing characteristics of the user 350 is collected fromone or more of the electronic devices located below line D-D within theuser layer of FIG. 5. As shown in FIG. 8, the collector 810 collects theuser information, in one embodiment.

At 2320, a user profile is generated based on the user information, asin 720 of FIG. 7. That is, a user profile is generated based on the userinformation collected in 2310. Correspondingly, as shown in FIG. 8, userprofile generator 820 implements the operation described at 2320 of FIG.23, in one embodiment.

At 2330, the present embodiment stores the user profile. For example,the user profile is stored on the client machine 575 of FIG. 5, or invarious other locations previously described. The user profile is usedto achieve delivery of the data that is targeted to the user 350 basedon the user profile without requiring a release of any of the userinformation in the user profile, as in 770 of FIG. 7 except possibly foran indication that the user profile satisfies the selection criteriaassociated with the data.

Embodiments of the present invention provide for storing of the userprofile on a client device that is controlled by the user 350 to providemaximum privacy of the user information and anonymous reporting ofstatistical metrics associated with user activity. For instance, in oneembodiment, the user profile is stored locally on the user's electronicdevice 575 within the user layer located below line D-D of FIG. 5. Assuch, since the electronic device 575 is within the immediate andphysical control of the user 350, release of user activity informationmetrics can also be closely controlled. In another embodiment, the userprofile is kept remotely in a location that is controlled by the user350. For example, in the example shown in FIG. 5, a user profile A islocated remotely from an electronic device 565 that is associated withuser A in a layer located between the broadcast layer 540 and the userlayer. That is, the user profile is located between line C-C and lineD-D of FIG. 5 on a device that is controlled by the user 350. As such,the user's private information is stored on an electronic device that iscontrolled by the user, and can be released in return for adequatecompensation.

At 2340, the present embodiment generates a signed authorization number.This is done by the client 560, 575 associated with the user interactingwith a third party. The signed authorization number is signed by a thirdparty, for example the data distributor 520, that anonymously tracksmetric information regarding user activity with targeted data. Thethird-party verifies the identity of the client requesting a signedauthorization number. The third-party signs only one authorizationnumber for each valid client (i.e., a client uniquely associated with aregistered user of the system in good standing), in one embodiment ofthe present invention.

The signing is done in such a way that the resulting signedauthorization number is unknown to the third party, but known to theclient; moreover, the third party is able to verify that the signedauthorization number was signed by itself, the third party. This kind ofsignature is called a blind signature because the signer is blind to theresult of their signing. In this way, in embodiments of the presentinvention, the third party is able to authenticate, verify, validate,etc. that any data presented with the signed authorization number camefrom a valid client. Moreover, two pieces of data presented with thesame signed authorization number came from the same client and any twopieces of authorized data from the same client must have the same signedauthorization number. That is, even though data (e.g., message, report,information, etc) is sent anonymously along with the signedauthorization number, the third party is able to authenticate the datawithout associating the data to a particular user by verifying that thesigned authorization number was signed or generated by the third party.Moreover, the third-party can tell which data was sent from the sameclient without associating the data to any particular users.

At 2350, the signed authorization number is attached to a reportdetailing activities of the user 350. In particular, the presentembodiment monitors user interactions with data as activities of theuser 350. The data is targeted to the user 350 based on the userprofile. A report is generated that details the user interactions withdata that is targeted to the user 350 based on the user profile. Forinstance, the user interactions include impressions, clickthroughs, orconversions of the data targeted to the user 350, in embodiments of thepresent invention.

For instance, the system 600 of FIG. 6 is adapted to track impression,clickthroughs, and conversions for each data that is targeted andoffered to the user 350 for viewing and interaction. For example,conversions can be automatically detected by determining when a user isswitching to a secure socket layer (SSL) connection to securelycommunicate with an advertiser online store in order to place a purchaseorder. In another example, a conversion is detected when the user usesadvertiser-supplied information found in the offer associated with thetargeted data (e.g., the offer specifies that a conversion has occurredwhen the user 350 sees the URL“https://www.store.com/order-completed.html”). In still another example,an advertiser can place special codes on orders-completed web pages thatare recognizable.

At 2360, the present embodiment anonymously sends the report with thesigned authorization number to the third party (e.g., data distributor520). Anonymity preserves the reporting privacy of said user. Aspreviously stated, the third party is able to authenticate the reportusing the signed authorization number. That is, although the third partycannot correlate the signed authorization number or the underlyingauthorization number with any particular user (e.g., user 350), thethird party is able to verify that the signed authorization number wassigned or generated by the third party. The third-party discards anyunauthorized reports it receives. The third-party also discards anyduplicate reports (the same data, same signed authorization number)keeping only one copy. Should the third-party receive two differentpieces of data with the same signed authorization number, it may electto keep only the last one received or to discard all (including not yetreceived) pieces of data with that signed authorization number.

In other embodiments, the report is sent using any method for anonymouscommunication, including remailers, anonymizers, mixmasters, statisticalanonymization, internet voting protocols, etc.

Method 2300, in one embodiment, is repeated once per time period ofinterest. A different signature may be used each time to prevent thereuse of signed authorization numbers from an earlier period in a laterperiod. Alternatively, step 2340 may be performed only occasionally oronce per client resulting in a client using its signed authorizationnumber for multiple reports, but reports include information about whichtime period they are about and different reports with the same signedauthorization number are only discarded if they also refer to the sameperiod. Reports not for the current period are, of course, alsodiscarded.

After sufficiently long after the end of the period being reported on sothat most reports will have been received, the non-discarded reports areforwarded to the data distributor 520 if not already there. As such, theinformation in the report is relayed anonymously to the data distributor520. The data distributor 520 is then able to aggregate the metricinformation collected from a plurality of users and provide thisinformation back to the originators of the targeted data (e.g., datasources 510) for feedback, billing, etc. In one embodiment, the reportthat is sent does not correlate with the time period in which theunderlying events (e.g., impressions, clickthroughs, conversions, etc.)have occurred. As such, it is not possible to combine information aboutwhen the user 350 visited a particular advertiser's web site with when aclickthrough event of the user 350 is reported so that it cannot bedetermined that user 350 has viewed the advertiser's data.

Embodiments of the present invention are able to anonymously send thereport to the third party. For instance, in one embodiment, the reportis sent via any of the various mixmaster anonymous remailing protocols.In another embodiment, the report is sent using a statisticalanonymization method. That is, a random noise of a known mean is addedto counts, so that an administrator, when summing the count, canreconstruct an approximately correct count sum. In another embodiment,the report is sent using protocols used for the anonymous reporting ofvotes.

In one particular embodiment, for anonymity, the report is sent usingnon-connection type packets, where the source of the packet is obscured.For instance, in one embodiment, the report is sent using the userdatagram protocol (UDP). The UDP protocol does not establish a virtualcircuit, as in the transmission control protocol (TCP), nor does the UDPprotocol require acknowledgements. The UDP protocol in its basic formjust sends out messages.

To further protect the anonymity of the source, in embodiments of thepresent invention, the client 560, 575 provides a false source addresswhen sending the report. In particular, a false source address isprovided in packets containing the report that is sent using the UDPprotocol.

FIGS. 24, 25, and 26 in combination illustrate methods and systems foranonymous reporting of user activity related to data that is targeted tothe user 350. Specifically, the flow diagram 2400 of FIG. 24 illustratesthe flow of information for generating a signed authorization numberthat is blind to the signing party using a blind digital signaturetechnique, and anonymously sending and receiving a report that isauthenticated using the signed authorization number, in accordance withone embodiment. The flow chart 2500 of FIG. 25 illustrates thegeneration of the signed authorization number from the standpoint of aclient 560, 575, in one embodiment. The flow chart 2600 of FIG. 26illustrates the generation of the signed authorization number from thestandpoint of a third-party (e.g., the data distributor 520 in someembodiments) and the subsequent authentication of data received inconjunction with the signed authorization number, in one embodiment.

Referring now to FIG. 24, a flow diagram 2400 is shown illustrating theflow of information exhibited between a client 560, 575 and athird-party to achieve the anonymous reporting of user activity relatedto data targeted to the user, in accordance with one embodiment of thepresent invention. As shown in FIG. 24, components to the left of lineA-A are within the control of the user 350. For instance, in oneembodiment, the components to the left of line A-A are located locallywithin an electronic device associated with the user 350. In addition,components to the right of line A are located at the data distributor520, in another embodiment. Other embodiments locate the components tothe right of line A-A in a location that is remote from the datadistributor 520 but preserves the security of the information handled atthat remote location.

Flow diagram 2400 of FIG. 24 in conjunction with the flow chart of FIG.25 illustrates operations performed to the left of line A-A.Specifically, FIG. 25 illustrates steps in a computer implemented methodfor generating a signed authorization number that is signed blindly by athird party, in accordance with one embodiment of the present invention.The operations performed in flow chart 2500 are in the control of theuser 350, or electronic devices associated with the user 350. It isunderstood that the use of the term user 350 in relation to performingcomputer implemented operations includes the electronic devices that arein the control of or are associated with the user 350.

At 2510, the random number generator 2410 of the present embodimentgenerates a random number, R, as an output. The random number, R, isknown only to the client. More specifically, the number is randomlygenerated so that there is no correlation between the user 350 and R.The random number, R, is used as the basis for the signed authorizationnumber used to authenticate reports.

At 2520, the encryption engine 2420 encrypts R to generate an encryptedrandom number, E(R). As shown in FIG. 24, in step 1, R is sent from therandom number generator 2410 to the encryption engine 2420 to performthe encryption operation.

At 2530, the present embodiment sends E(R) to a third party (e.g., datadistributor 520). As shown in FIG. 24, in step 2 a, E(R) is sent withina message by the encryption engine 2420 that is associated with the user350 across line A-A to the validation module 2455 associated with thethird party. The validation module 2455 is able to parse the message todetermine whether the message containing E(R) was sent from a validclient. If the validation module 2455 determines that message containingE(R) was not sent from a valid client, then the message containing E(R)is discarded.

The message containing E(R) is formatted such that the third party knowsthat it is sent from a valid client. In one embodiment, the messagecontaining E(R) is signed by a client (e.g., encryption engine 2420)associated with the user 350. The signing is accomplished through anynumber of means, such as, using a shared secret, a digital signature,password known to the client and the third party, etc. The validationmodule 2455 is able to determine if the signature is associated with anyof a list of valid users known to the third party.

In still another embodiment, the validation module 2455 optionally isable to determine if the client associated with the user 350 is sendingmore than one request for a signed authorization number. That is, thevalidation module 2455 is able to determine if more than one messagecontaining an encrypted random number [E(R)] is sent as a request for asigned authorization number for a particular user 350 in a particularreporting period.

If more than one request is determined by the validation module 2455,then subsequent requests are discarded, in one embodiment. However, thevalidation module 2455 is able to determine if subsequent requestsinclude the same E(R), which could be resent if there are communicationdifficulties resulting in dropped messages. In this case, the validationmodule 2455 will proceed as if only one message containing E(R) wassent, since the resulting signed authorization number will be identicalto the previously returned signed authorization number.

Continuing, if the validation module 2455 determines that the messagecontaining E(R) was sent from a valid client, and optionally thateffectively only one request for a signed authorization number is madeby that client, then the validation module, as shown in step 2 b of FIG.24, sends E(R) to the signing module 2460. In general, the signingmodule 2460 signs E(R) as part of a blind digital signature technique togenerate [E(R)]_(s). The signing method is carefully chosen so that itcommutes with the decryption and encryption operations of the encryptionengine 2420. In particular, D[(E(R)]_(s))=[D(E(R))]_(s)=[R]_(s)=R_(s).Although the resulting blind digital signature will be R_(s), because Ris encrypted, the third party has no idea what R or R_(s) are. That is,the third party is capable of signing E(R) without knowing R. The thirdparty will be able to verify its signature on R when it is presentedwith R_(s) in the future. Operations performed to the right of line A-Ain relation to signing E(R) as part of a blind signature technique aredescribed below in full in relation to FIG. 27.

Continuing with operations on the left side of line A-A of FIG. 24, at2540, the present embodiment receives the encrypted random number thatis signed, [E(R)]_(S), by the third party As shown in FIG. 24, in step3, [E(R)]_(s), is received at the decryption engine 2440 on the userside of line A-A from the signing module 2460.

At 2550, the present embodiment decrypts the encrypted random numberthat is signed, [E(R)]_(S), by the third party to generate a signedauthorization number. As shown in FIG. 24, in step 3, the signing module2460 sends [E(R)]_(s) on the third party side of the line A-A to thedecryption engine 2440. As an output the decryption engine generates thesigned authorization number, R_(s), that is verifiable by the thirdparty. However, the third party is unable to correlate R_(s) with theuser 350. As shown further in FIG. 24, in step 4 b, the decryptionengine of the present embodiment sends R_(s) to the reporting engine2450.

The user activity monitor 2430 is able to monitor user interactions withdata targeted to the user. That is, activities related to data targetedto the user 350 based on a user profile are monitored. For instance,user interactions include impressions, clickthroughs, or conversions ofthe data targeted to the user 350, in embodiments of the presentinvention. In step 4 a of FIG. 24, the user activity monitor 2430 of thepresent embodiment sends the tracked user interactions to the reportingengine 2450.

The reporting engine is able to generate a report that details the userinteractions with data that is targeted to the user 350 based on theuser profile. The reporting engine 2450 combines the report with thesigned authorization number, R_(s), so that the third party is able toverify, or authenticate, or validate, etc. the report. As shown in FIG.24, the reporting engine 2450 sends, using an anonymous communicationmethod, the report along with R_(s) to the'report authentication module2470, in one embodiment. If the anonymous communication method isunreliable, this message may have to be sent several times to ensure itis received, in one embodiment.

Flow diagram 2400 of FIG. 24 in conjunction with the flow chart 2600 ofFIG. 26 illustrate operations performed to the right of line A-A.Specifically, FIG. 26 illustrates steps in a computer implemented methodfor signing an encrypted authorization number as part of a blind digitalsignature technique, in accordance with one embodiment of the presentinvention. In addition, the flow chart illustrates the use of the signedauthorization number to authenticate messages having the signedauthorization number for authentication purposes.

At 2610, the signing module 2460 at the third party signs the encryptednumber E(R) that is received from the client associated with the user350 indicated by the components located to the left of line A-A. Signingis performed after verifying that the client is a valid client, as shownin step 2 b of FIG. 24. Optionally, signing is only performed if noencrypted number has been previously received from this client or,alternately, if no encrypted number other than this one has beenpreviously received from this client. Also shown in FIG. 24, step 2 billustrates the receipt of E(R) by the signing module 2460 as sent bythe encryption engine 2420. The signing module 2460 signs E(R) as partof a blind digital signature technique. As noted before, the signingmethod is carefully chosen so that it commutes with the decryption andencryption operations of the encryption engine 2420. In particular,D([E(R)]_(s))=[D(E(R))]_(s)=[R]_(s)=R. The third party is able sign E(R)without knowing R. That is, the signing module 2460 generates the signedencrypted random number, [E(R)]_(s) as an encrypted blind digitalsignature. The encrypted blind digital signature when decrypted is asigned authorization number.

At 2620, the signing module 2460 sends [E(R)]_(s) to the client 560,575. As shown in FIG. 24, the signing module 2460 sends [E(R)]_(s) tothe decryption engine 2440. The client 560, 575 is able to generate thesigned authorization number from [E(R)]_(s) through decryption. That is,the encrypted random number that is signed, [E(R)]_(s), when decryptedby the client 560, 575 generates the signed authorization number, R_(s),as previously described in relation to the description of the decryptionengine 2440.

Additionally, a feature of the blind signature technique allows thethird party to recognize the signed authorization number R_(s) as beingsigned by the third party. That is, the third party is able to verifyR_(s), the signed authorization number. The authorization number or therandom number, R, is controlled by the client and known only to theclient. As such, the third party is unable to correlate R or the signedR, R_(s), to the user 350 in any anonymous communication featuringR_(s).

At 2630, the third party receives communication from an anonymoussource. For example, as shown in FIG. 24, in step 5, the reportauthentication module 2470 receives a report detailing activities of theuser 350 related to targeted data. That is, the report details userinteractions with data targeted to the user based on the user profile.In addition, the report authentication module 2470 receives R_(s) thatis used for authentication. That is, the communication is associated andreceived with the signed authorization number, R_(s), for authenticationpurposes. As described previously, the third party cannot correlate R orR_(s) to the user 350.

In addition, the communication is sent anonymously using previouslydescribed communication protocols. For example, in one embodiment, thecommunication is sent and received using the UDP communication protocol.

At 2460, the present embodiment authenticates the communication usingthe signed authorization number. Specifically, the report authenticationmodule 2470 authenticates the communication using R_(s). The blindsignature technique allows the third party to recognize and verifyR_(s). That is, the third party is able to verify that R_(s) was signedby the third party itself. As such, the third party is able toauthenticate, or validate, any communication associated with R_(s).

In one embodiment, the report authentication module 2470 validates thereport when R_(s) is verified. In another embodiment, the reportauthentication module 2470 invalidates the report when R_(s) has notbeen verified as being signed by the signing module 2460 at the thirdparty.

Another embodiment is able to guard against other parties attempting toinfluence aggregate statistics. For example, rivals of advertisers maywish to inflate a particular advertiser's impression, or clickthrough,or conversion numbers to cause economic harm. False reports areinvalidated by the present embodiment since only data (e.g., reports)from valid sources are accepted. In particular, the present embodimentonly accepts data that is authenticated using a number signed by thethird-party, which must have been sent from a valid client. In oneembodiment, if two or more reports accompanied with the same signedauthorization number are received, they are discarded. In anotherembodiment, only the last received report with any given signedauthorization number is used to compile statistics. In one embodiment,in order to handle retransmissions, only the first report of any givenset of duplicate reports is counted.

Secondly, the present embodiment accepts data that is found withinacceptable boundaries. That is, each of the reporting clients (e.g.,user 350) is allowed to report data within an acceptable boundary. Forinstance, each client is allowed to report only a small number ofimpressions, clickthroughs, and conversions per targeted data (e.g.,advertisements). Reports with too many reported events are discarded. Asshown in FIG. 24, the third party is able to perform further operationson the data received in the communication with the user 350.Specifically, after the report has been authenticated by the reportauthentication module 2470, the data acceptance module 2480 is ableexamine the report and accept or validate data generated in the reportreceived from the reporting engine 2450.

As such, in one embodiment, the data acceptance module 2480 validatesthe report when information in the report is within acceptableboundaries. In another embodiment, the data acceptance module 2480invalidates the report when information in the report is outsideacceptable boundaries.

As a result, the present embodiment is able to compile statisticsgenerated from anonymous reports accepted from a plurality of clients.Specifically, the present embodiment is able to assign authorizationnumbers, one per valid client, without learning which client wasassigned which authorization number. Further these authorization numbersare signed to provide further security. As such, each client receives asigned authorization number that is unique to the client, unknown to thethird party, but verifiable by the third party. Moreover, only reportsthat are accompanied by associated signed authorization numbers that aresigned by the third party (e.g., data distributor 520) having data thatfall within acceptable boundaries are counted when compiling statistics.In addition, multiple data packets of information with the sameauthorization number are considered to be part of the same report in oneembodiment.

In still another embodiment, each of the authorization numbers and theircorresponding signed authorization numbers are allowed to expire forfurther security. As such, the present embodiment periodically issuesnew authorization numbers. That is, the new authorization numbers aresigned with a new key, in one embodiment.

In another embodiment, the signed authorization number may indicate astatus indicating the trustworthiness of the user 350. For instance, oneembodiment divides up valid clients into two states: probationary andaccepted using the user status sorter 2485. In the present embodiment,clients joining the targeted advertisement system would be placed onprobationary status until they have demonstrated their trustworthiness.For instance, in one embodiment clients demonstrating that they canreceive mail at a unique, physical, postal address would demonstratetrustworthiness and be changed to an accepted status. In anotherembodiment, different signing keys are used to distinguish reportscoming from clients with different statuses. That is, the signedauthorization numbers obtained by probationary clients are signed usinga different key than the signed authorization numbers obtained byaccepted clients. The signing module 2460 chooses which signing key touse based on output from status sorter 2485. The third party is able todistinguish which type of client a report came from because it candistinguish the two kinds of signatures.

In still other embodiment, finer graduations of status states arepossible. These graduations may be based on the expected probabilitythat a client of a certain kind can be falsely created or subverted.

As an application, the data acceptance module can invalidate informationreceived in reports from probationary clients in the event of a hackerattack that has created multiple, false clients. These new clients wouldbe in a probationary state and can therefore be invalidated separately.

FIG. 27 is a flow chart 2700 illustrating steps in a computerimplemented method for transferring cash or credits anonymously, inaccordance with one embodiment of the present invention. By transferringanonymously here, it is understood that the identity of the person beingpaid is being hidden from the payer. The operations in flow chart 2700are used to compensate the user 350 for activities related to data thatis targeted to the user based on an associated user profile.

At 2705, the present embodiment generates a public, private key pair,wherein the key pair is unknown to the third party. In particular, thethird party should be unable to link the generated public key to theuser. This may be done by generating a new random key pair, in oneembodiment. The private key of a key pair can be used to decryptmessages encrypted by the public key of that key pair.

At 2710, the present embodiment anonymously sends the public key with areport to the third party. That is, a report detailing interactions withtargeted data of a user 350 is generated and sent along with the publickey to the third party (e.g., the data distributor 520). The public keyis associated with a private key in the key pair.

At 2720, the present embodiment receives compensation for activitiesrelated to the targeted data. For instance, the user 350 may becompensated for viewing an advertisement that is targeted to the user350 based on an associated user profile. The advertiser is willing topay the user 350 for viewing the advertisement.

In the present embodiment, the compensation is encrypted using thepublic key. That is, the present embodiment receives the compensation inencrypted form. At 2730, the present embodiment performs decryption todecrypt the encrypted compensation. Decryption is performed using theprivate key of the key pair.

In one embodiment, because the third party does not know who the reportis from, the encrypted compensation is broadcasted to a plurality ofusers that includes the user. However, only the holder of the privatekey that is associated with the public key used to encrypt thecompensation can successfully decrypt the compensation. As such, onlythe user 350's client is able to decrypt the compensation for personalgain.

FIG. 28 is a flow chart illustrating a computer implemented method for acommitment scheme with payments that are delivered anonymously (i.e.,without knowing the payee's identity), in accordance with one embodimentof the present invention. Specifically, the present embodiment providesfor a commitment scheme that is used to pay forprovably-correctly-targeted impression, clickthroughs, and conversions.

At 2805, the present embodiment generates a public, private key pair,wherein the key pair is unknown to the third party. In particular, thethird party should be unable to link the generated public key to theuser. This may be done by generating a new random key pair.

At 2807, the present embodiment generates a user profile based on userinformation that is collected from at least one electronic device thatis associated with the user. That is, the present embodiment is capableof collecting user information, generating a user profile based on theuser information, and storing the user profile, such that the userprofile can be used to achieve delivery of data, which can be targetedto the user 350 without requiring a release of any of the userinformation in the user profile using techniques previously discussed inrelation to FIGS. 1, 2A, 2B, 7, 9, and others.

At 2808, the present embodiment commits to the user profile that isgenerated. That is, the present embodiment commits to the currentversion of the user profile that is used for targeted data delivery.This process produces a commitment token plus possibly some secrets as aresult and has the effect that the committer will be unable to lie laterabout what was in the committed-to user profile associated with thecommitment token.

At 2810, the present embodiment anonymously sends the commitment (i.e.,the commitment token) with a signed authorization number and the publickey to the third party (e.g., a data distributor). The generated signedauthorization number was previously described in relation to FIGS. 23,24, 25, and 26. Specifically, the signed authorization number is signedby the third party but is unknown to the third party. However, the thirdparty is able to verify the signed authorization number, and is able toauthenticate the commitment sent with the signed authorization number.

At 2820, the present embodiment receives an offer soliciting delivery ofdata. The operation performed in 2820 is analogous to the operations inpart performed in 730 of FIG. 7, in accordance with one embodiment ofthe present invention. More specifically, in one embodiment, the offerincludes a query that defines selection criteria for targeted userprofiles. That is, the query within the offer is used to determine ifthe user receiving the offer is a user who is targeted. For instance,the selection criteria contains certain characteristics that areimportant in distinguishing the targeted user profiles from other userprofiles. The offer is not specifically sent to particular users.Instead, the offer is forwarded to a broad group of users. Thus, theinformation contained within the offer is used to select and target thedelivery of data to particular users.

At 2822, the present embodiment determines if the user profile satisfiesthe selection criteria defined in the query. The operation performed in2822 is analogous to the operations in part performed in 740 of FIG. 7,in accordance with one embodiment of the present invention. Inparticular, the user profile is compared against the selection criteria.In particular, the determination if a user's profile satisfies theselection criteria is made without requiring a release of the userinformation. The embodiment proceeds only if the user profile satisfiesthe selection criteria defined in the query (i.e., user is targeted bythe offer)

At 2830, the present embodiment then anonymously sends a proof that thequery contained in the offer satisfies the committed-to user profile,which is associated with the commitment token sent to the third party.The proof is sent along with the signed authorization number, in oneembodiment. In one embodiment, the proof is accompanied by informationabout whether the user viewed the data, clicked on it, or convertedrelative to the data. This present embodiment utilizes the techniquesfor anonymous reporting, as previously described in FIGS. 23-27.

At 2840, the present embodiment receives encrypted compensation for thecommitted-to user profile satisfying the query. The encryptedcompensation is encrypted by the third party using the public key.Specifically, the third party sends the appropriate amount ofuntraceable electronic cash encrypted with the corresponding public key.That is, the user 350 receives compensation for activities related totargeted data that targets them. For instance, an advertiser is willingto pay the user 350 for viewing an advertisement if their committed-touser profile satisfies the query. A proof that the user's user profilesatisfied the query before the offer was received is required to preventthe user from cheating by changing their user profile to match thequery.

At 2850, the present embodiment decrypts the encrypted compensationusing the private key. As such, only the holder of the private key isable to decrypt and claim the benefits of the compensation.

In one embodiment, because the private key of the key pair is known onlyby the user 350's client, the encrypted compensation can be broadcastedto a plurality of users. However, only the holder of the private keythat is associated with the public key used to encrypt the compensationcan successfully decrypt the compensation. As such, only the user 350'sclient is able to decrypt the compensation for personal benefit.

In another embodiment, the encrypted compensation is directly sent tothe user 350. That is, if the system for anonymous commutation permitsreplies to anonymous messages, then the encrypted compensation can besent anonymously directly to the user 350. In this case, encryption maynot be needed and steps 2805 and 2850 can be omitted.

While the invention is described in conjunction with the preferredembodiments, it is understood that they are not intended to limit theinvention to these embodiments. On the contrary, the invention isintended to cover alternatives, modifications and equivalents, which maybe included within the spirit and scope of the invention as defined bythe appended claims. Furthermore, in the detailed description of thepresent invention, numerous specific details are set forth in order toprovide a thorough understanding of the present invention. However, itwill be recognized by one of ordinary skill in the art that the presentinvention may be practiced without these specific details. In otherinstances, well-known methods, procedures, components, and circuits havenot been described in detail as not to unnecessarily obscure aspects ofthe present invention.

1. A computer implemented method for anonymous reporting, in a systemfor targeted data delivery, comprising: collecting, by said computer,user information about a user from at least one electronic deviceassociated with said user; generating, by said computer, a user profilebased on said user information; storing, by said computer, said userprofile, wherein delivery of data is targeted to said user based on saiduser profile; and anonymously reporting, by said computer, user activityrelated to said targeted data, comprising: aggregating, by saidcomputer, metric information associated with said user activity from aplurality of users; generating, by said computer, an encrypted numberand transmitting said encrypted number to a third party; receiving, bysaid computer, an encrypted blind digital signature of said encryptednumber from said third party; generating, by said computer, a signedauthorization number by decrypting said encrypted blind digitalsignature, wherein said signed authorization number is signed by saidthird party but unknown to said third party; attaching, by saidcomputer, said signed authorization number to a report detailing saiduser activity; and sending, by said computer, said report with saidsigned authorization number to said third party to preserve reportingprivacy of said user, wherein said third party authenticates said reportusing said signed authorization number.
 2. The method of claim 1,wherein said generating a signed authorization number further comprises:generating a random number; encrypting said random number to generate anencrypted random number; sending said encrypted random number to saidthird party; receiving said encrypted random number that is signed bysaid third party; and decrypting said encrypted random number that issigned by said third party to generate said signed authorization number.3. The method of claim 1, wherein said aggregating metric informationfurther comprises: monitoring user interactions with said targeted data;and generating said report detailing said interactions.
 4. The method ofclaim 3, wherein said user interactions include: impressions of saiddata targeted to said user; clickthroughs of said data targeted to saiduser; and conversions of said data targeted to said user.
 5. The methodof claim 1, wherein said third party comprises a distributor of saidtargeted data, and wherein said sending said report further comprisessaid data distributor providing said report to a source of said data. 6.The method of claim 1, wherein said sending said report furthercomprises: sending a public key with said report to said third party,wherein said public key is associated with a private key in a key paircontrolled by said user; receiving encrypted compensation for said useractivity, wherein said encrypted compensation is encrypted by said thirdparty using said public key; and decrypting said encrypted compensationusing said private key.
 7. The method of claim 1, further comprising:committing to said user profile yielding a commitment; anonymouslysending said commitment with said signed authorization number to saidthird party; sending a public key with said commitment to said thirdparty, wherein said public key is associated with a private key in a keypair controlled by said user; generating a proof that selection criteriaof a received offer for targeted data delivery is satisfied by said userprofile; receiving encrypted compensation for said user profilesatisfying said selection criteria, wherein said encrypted compensationis encrypted by said third party using said public key; and decryptingsaid encrypted compensation using said private key.
 8. A computerimplemented method for authenticating communication, in a system fortargeted data delivery, comprising: generating, by said computer, anencrypted blind digital signature by signing an encrypted numberreceived from a client associated with a user, at a third party, whereinsaid encrypted blind digital signature is unencrypted to generate asigned authorization number verifiable by said third party but unknownto said third party, and wherein delivery of data is targeted to saiduser based on a user profile associated with said user defining usercharacteristics that satisfy selection criteria associated with saiddata; sending, by said computer, said encrypted blind digital signatureto said client, wherein said client generates said signed authorizationnumber through decryption of said encrypted blind digital signature;receiving, by said computer, a communication from an anonymous source,wherein said communication is authenticated with said signedauthorization number and comprises a report aggregating from a pluralityof users metric information associated with user activity related tosaid targeted data; and authenticating, by said computer, saidcommunication using said signed authorization number.
 9. The method ofclaim 8, wherein said user activity comprises: user interactions withsaid targeted data.
 10. The method of claim 8, further comprising:invalidating said report when information in said report is outsideacceptable boundaries; and invalidating said communication when saidsigned authorization number is not verified.
 11. The method of claim 9,wherein said user interactions include: impressions of said datatargeted to said user; clickthroughs of said data targeted to said user;and conversions of said data targeted to said user.
 12. The method ofclaim 8, wherein said third party comprises a distributor of saidtargeted data, and said data distributor provides said report to asource of said data.
 13. The method of claim 8, further comprising:before said generating said encrypted blind digital signature,determining said client is a valid client.
 14. The method of claim 8,further comprising: associating a trustworthiness status with said user,wherein said trustworthiness status is selected from a probationarystatus and an accepted status.
 15. A non-transitory computer-readablemedium containing application instructions where said applicationinstructions when executed effect a method for anonymous reporting,comprising: collecting user information about a user from at least oneelectronic device associated with said user; generating a user profilebased on said user information; storing said user profile, whereindelivery of data is targeted to said user based on said user profile;and anonymously reporting user activity related to said targeted data,comprising: collecting metric information associated with said useractivity in aggregate from a plurality of users; generating an encryptednumber and transmitting said encrypted number to a third party;receiving an encrypted blind digital signature of said encrypted numberfrom said third party; generating a signed authorization number bydecrypting said encrypted blind digital signature, wherein said signedauthorization number is signed by said third party but unknown to saidthird party; attaching said signed authorization number to a reportdetailing said user activity; and sending said report with said signedauthorization number to said third party to preserve reporting privacyof said user, wherein said third party authenticates said report usingsaid signed authorization number.
 16. The application instructionsrecited in claim 15, wherein collecting metric information furthercomprises: monitoring user interactions with said targeted data; andgenerating said report detailing said interactions.
 17. The applicationinstructions recited in claim 16, wherein said user interactionsinclude: impressions of said data targeted to said user; clickthroughsof said data targeted to said user; and conversions of said datatargeted to said user.
 18. The application instructions recited in claim15, wherein said third party comprises a distributor of said targeteddata, and wherein said sending said report further comprises said datadistributor providing said report to a source of said data.
 19. Theapplication instructions recited in claim 15, wherein sending saidreport further comprises: sending a public key with said report to saidthird party, wherein said public key is associated with a private key ina key pair controlled by said user; receiving encrypted compensation forsaid user activity, wherein said encrypted compensation is encrypted bysaid third party using said public key; and decrypting said encryptedcompensation using said private key.
 20. The application instructionsrecited in claim 15, further comprising additional instructions which,when executed effect said method for anonymous reporting, saidadditional instructions comprising: committing to said user profilegenerating a commitment; anonymously sending said commitment with saidsigned authorization number to said third party; sending a public keywith said commitment to said third party, wherein said public key isassociated with a private key in a key pair controlled by said user;generating a proof that selection criteria of a received offer fortargeted data delivery is satisfied by said user profile; receivingencrypted compensation for said selection criteria satisfying said userprofile, wherein said encrypted compensation is encrypted by said thirdparty using said public key; and decrypting said encrypted compensationusing said private key.